Setting up VMTurbo to communicate with Secure LDAP (LDAPS)

I’d like to connect to our Active Directory Server using the ‘Secure’ option in VMTurbo. How do I achieve this?

First the Domain itself has to be configured to use LDAPS.  Please refer to Microsoft documentation on how to configure LDAPS.

In this document we will be using a Windows 2008R2 Domain, with the Enterprise CA Role installed on the Domain controller.  This configuration enables LDAPS automatically.

  1. Save the SSL certificate from your LDAPS server to a .CER file (one way to do this is to view the certificate properties and use Save As... or Export to get a .CER file).
  2. SCP (secure copy) the .CER file from the machine where you saved it (PC, Mac, etc.) to the /tmp directory on the VMTurbo appliance, using the credentials:  root/vmturbo
  3. Next, open an ssh session to the VMTurbo appliance using root/vmturbo
  4. cd /tmp
  5. Run the following command: keytool -import -alias secure -file secure.cer -keystore secure.jks
    • (The above example assumes you’ve saved the .CER file with the name ‘secure.cer’; replace all instances of ‘secure’ with your file name.)
    • Create a keystore password if asked to do so
  6. The ‘secure.jks’ file has now been saved to /tmp
  7. Copy the .jks file to /etc/ssl/certs by running the following command from the ssh session:
    • cp secure.jks /etc/ssl/certs
  8. Next we have to tell tomcat to use this keystore by editing the tomcat config file:
    • vi /etc/tomcat/tomcat.conf (or vi /etc/tomcat6/tomcat6.conf for pre-4.0 releases)
  9. Now append the following to the end of the CATALINA_OPTS variable in that file:
    •  "-Djavax.net.ssl.trustStore=/etc/ssl/certs/secure.jks"
  10. So that the whole CATALINA_OPTS= line looks like:

    CATALINA_OPTS="
    -Djavax.net.ssl.trustStore=/etc/ssl/certs/secure.jks"

11. Next we have to restart tomcat so it picks up the new keystore:

12. From the ssh session run:

    service tomcat6 restart   (for pre-4.0 versions of VMTurbo)

or

    service tomcat restart   (for 4.0+ versions of VMTurbo)

13. Now go to your web browser and log in to VMTurbo

14. Go to the Admin Tab >> User Authentication

15. Add the Active Directory Server name, click the ‘Secure’ checkbox, and click the ‘Apply’ button

  • Note:  If you already had the Active Directory Server entered, simply check ‘Secure’ and click ‘Apply’.

16. Now add a user from this domain, selecting ‘Type’ as ‘Active Directory’

17. Log out of VMTurbo Web Interface

18. Log in with the new or existing domain user using domain\username

Once you have logged in using your AD credentials, you are connected to AD.
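
Steps 8 to 10 as a script, added here as an example and not part of the original article or VMTurbo's own tooling: the hypothetical function set_truststore_opt appends the trustStore option to an existing CATALINA_OPTS line, or adds the whole line when the variable is absent, and does nothing on a second run. It assumes the value sits on one double-quoted line; the -Xmx512m option and the temp file in the demo are constructed.

```shell
#!/bin/sh
# Added example: add the truststore option to CATALINA_OPTS exactly once.
# Assumption: the variable, if present, is a single double-quoted line.
# Returns 0 on success or no-op, 1 if the file is missing, 2 if the line
# needs a manual edit.
set_truststore_opt() {
    conf=$1    # e.g. /etc/tomcat/tomcat.conf
    jks=$2     # e.g. /etc/ssl/certs/secure.jks
    opt="-Djavax.net.ssl.trustStore=$jks"
    [ -f "$conf" ] || { echo "no such file: $conf" >&2; return 1; }

    # The last assignment wins when the file is sourced, so inspect that one.
    line=$(grep '^CATALINA_OPTS=' "$conf" | tail -n 1)
    case $line in
        *"$opt"*)
            echo "unchanged: truststore already set"; return 0 ;;
        *-Djavax.net.ssl.trustStore=*)
            echo "refusing: a different trustStore is already set" >&2; return 2 ;;
        '')
            # Variable absent (the CentOS case from the comments): add the line.
            cp -p "$conf" "$conf.bak"
            printf 'CATALINA_OPTS="%s"\n' "$opt" >> "$conf" ;;
        CATALINA_OPTS=\"*\")
            # Keep existing options; insert ours before the closing quote.
            cp -p "$conf" "$conf.bak"
            sed "s|^\(CATALINA_OPTS=\".*\)\"\$|\1 $opt\"|" "$conf.bak" > "$conf" ;;
        *)
            echo "refusing: CATALINA_OPTS is unquoted or spans lines" >&2; return 2 ;;
    esac
    echo "updated: $conf (backup in $conf.bak)"
}

# Demo on a constructed config file (not a real appliance file).
demo=$(mktemp)
printf 'JAVA_HOME="/usr/lib/jvm/jre"\nCATALINA_OPTS="-Xmx512m"\n' > "$demo"
set_truststore_opt "$demo" /etc/ssl/certs/secure.jks && grep '^CATALINA_OPTS=' "$demo"
rm -f "$demo" "$demo.bak"
```

On the appliance, call it with the tomcat config file from step 8 and the .jks path from step 7, then restart tomcat as in step 12.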


Comments

  • Natalia Ladiko

    Hi Joel,

    Thanks for the great article.

    Just a small update, when configuring this on CentOS, tomcat.conf file doesn't have CATALINA_OPTS variable in it.
    So in step 9, add the whole line with the variable:
    CATALINA_OPTS="-Djavax.net.ssl.trustStore=/etc/ssl/certs/secure.jks"

    Other than that, it works great. Thank you.