Solved

Secure LDAP with MS Active Directory for Oracle PeopleSoft

Posted on 2016-08-28
1
60 Views
Last Modified: 2016-08-31
customer of mine has a Oracle PeopleSoft application at root domain (example domain.local) All their users are located at child domain (example child.domain.local).

they want to implement Secure LDAP for authentication. I have enable the Secure LDAP on the child domain with server Self Sign cert for testing purpose.

now the question is:-

1. customer  has root domain wildcard public signed cert, according to the CA, the current root domain wildcard cert is usable for child domain as well but when I try with LDP tool, the query will failed.

if I use the CA signed wildcard root cert, I will not able to query it with port 636 with LDP tool. but it I use self sign cert, the query will passed through.

2. if I use self sign cert, from the AD server itself I can get the correct test result with LDP.exe tool. but, from application site, the authentication is failed.
the error is "APPSRV.1300 (4344) [08/23/16 10:24:25 username@client IP (Safari 537.36; WIN7) ICPanel](3) LDAP Error Message : javax.naming.CommunicationException: simple bind failed: server Ip address:636 [Root exception is javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Untrusted Server Certificate Chain]"

I googled internet source and found some how the Oracle itself also required to upload the signed cert but I will leave to their apps folks to do this.

3. can root domain wildcard is able use for such implementation? any article I can refer to?
0
Comment
Question by:hell_angel
1 Comment
 
LVL 78

Accepted Solution

by:
David Johnson, CD, MVP earned 500 total points
ID: 41774072
a wildcard cert only goes down one level
*.domain.com
will work for www.domain.com AD.domain.com child.domain.com
will not work for server.child.domain.com
0

Featured Post

Comprehensive Backup Solutions for Microsoft

Acronis protects the complete Microsoft technology stack: Windows Server, Windows PC, laptop and Surface data; Microsoft business applications; Microsoft Hyper-V; Azure VMs; Microsoft Windows Server 2016; Microsoft Exchange 2016 and SQL Server 2016.

Join & Write a Comment

In this article, we will see the basic design consideration while designing a Multi-tenant web application in a simple manner. Though, many frameworks are available in the market to develop a multi - tenant application, but do they provide data, cod…
Synchronize a new Active Directory domain with an existing Office 365 tenant
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

19 Experts available now in Live!

Get 1:1 Help Now