Solved

Secure LDAP with MS Active Directory for Oracle PeopleSoft

Posted on 2016-08-28
1
69 Views
Last Modified: 2016-08-31
customer of mine has a Oracle PeopleSoft application at root domain (example domain.local) All their users are located at child domain (example child.domain.local).

they want to implement Secure LDAP for authentication. I have enable the Secure LDAP on the child domain with server Self Sign cert for testing purpose.

now the question is:-

1. customer  has root domain wildcard public signed cert, according to the CA, the current root domain wildcard cert is usable for child domain as well but when I try with LDP tool, the query will failed.

if I use the CA signed wildcard root cert, I will not able to query it with port 636 with LDP tool. but it I use self sign cert, the query will passed through.

2. if I use self sign cert, from the AD server itself I can get the correct test result with LDP.exe tool. but, from application site, the authentication is failed.
the error is "APPSRV.1300 (4344) [08/23/16 10:24:25 username@client IP (Safari 537.36; WIN7) ICPanel](3) LDAP Error Message : javax.naming.CommunicationException: simple bind failed: server Ip address:636 [Root exception is javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Untrusted Server Certificate Chain]"

I googled internet source and found some how the Oracle itself also required to upload the signed cert but I will leave to their apps folks to do this.

3. can root domain wildcard is able use for such implementation? any article I can refer to?
0
Comment
Question by:hell_angel
1 Comment
 
LVL 78

Accepted Solution

by:
David Johnson, CD, MVP earned 500 total points
ID: 41774072
a wildcard cert only goes down one level
*.domain.com
will work for www.domain.com AD.domain.com child.domain.com
will not work for server.child.domain.com
0

Featured Post

Does Powershell have you tied up in knots?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Three simple tips to quickly and efficiently back up and protect the contents of your PC and Mac®.
Most of the applications these days are on Cloud. Cloud is ubiquitous with many service providers in the market. Since it has many benefits such as cost reduction, software updates, remote access, disaster recovery and much more.
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

932 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now