Improve company productivity with a Business Account.Sign Up

x
?
Solved

Secure LDAP with MS Active Directory for Oracle PeopleSoft

Posted on 2016-08-28
1
Medium Priority
?
169 Views
Last Modified: 2016-08-31
customer of mine has a Oracle PeopleSoft application at root domain (example domain.local) All their users are located at child domain (example child.domain.local).

they want to implement Secure LDAP for authentication. I have enable the Secure LDAP on the child domain with server Self Sign cert for testing purpose.

now the question is:-

1. customer  has root domain wildcard public signed cert, according to the CA, the current root domain wildcard cert is usable for child domain as well but when I try with LDP tool, the query will failed.

if I use the CA signed wildcard root cert, I will not able to query it with port 636 with LDP tool. but it I use self sign cert, the query will passed through.

2. if I use self sign cert, from the AD server itself I can get the correct test result with LDP.exe tool. but, from application site, the authentication is failed.
the error is "APPSRV.1300 (4344) [08/23/16 10:24:25 username@client IP (Safari 537.36; WIN7) ICPanel](3) LDAP Error Message : javax.naming.CommunicationException: simple bind failed: server Ip address:636 [Root exception is javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Untrusted Server Certificate Chain]"

I googled internet source and found some how the Oracle itself also required to upload the signed cert but I will leave to their apps folks to do this.

3. can root domain wildcard is able use for such implementation? any article I can refer to?
0
Comment
Question by:hell_angel
1 Comment
 
LVL 85

Accepted Solution

by:
David Johnson, CD, MVP earned 2000 total points
ID: 41774072
a wildcard cert only goes down one level
*.domain.com
will work for www.domain.com AD.domain.com child.domain.com
will not work for server.child.domain.com
0

Featured Post

Managing Security Policy in a Changing Environment

The enterprise network environment is evolving rapidly as companies extend their physical data centers to embrace cloud computing and software-defined networking. This new reality means that the challenge of managing the security policy is much more dynamic and complex.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

You do not need to be a security expert to make the RIGHT security. You just need some 3D guidance, to help lay out an action plan to secure your business operations. It does not happen overnight. You just need to start now and do the first thin…
In this article, I explain what Convergent Encryption is and how it can be used.
Are you ready to implement Active Directory best practices without reading 300+ pages? You're in luck. In this webinar hosted by Skyport Systems, you gain insight into Microsoft's latest comprehensive guide, with tips on the best and easiest way…
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…

606 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question