Using an LDAP Server for Client Authentication

The server is configured to authenticate all incoming connection requests against a particular security back-end infrastructure by using LDAP. You can define the LDAP settings and the user and/or group mappings during installation by using the TomEE Configuration Utility.

See Also
About Client Authentication
About Security Roles
  1. Launch the TomEE Configuration Utility from one of the following:

    <SEE_install_directory>/config/tomcat/bin/config.bat

    or
    config.sh

    Note: You may have to run config.bat as Administrator if you do not have access rights.

  2. Go to the LDAP wizard.
  3. Select Secured Mode.
  4. Enter the following information:
    • Connection URL: The location and the port number for the LDAP server.
      Note: If you are setting up a connection over secure LDAP (LDAPS), you must import the security certificates of the LDAP server into the keystore of the JVM used by TomEE.
    • Connection Name: The user name that is used to connect to the LDAP repository.
    • Connection Password: The password for the user name.
    • User Base: The base entry for a user search. For more information, consult your local system administrator.
    • Role Base: The base entry for a role search. For more information, consult your local system administrator.
  5. Assign user(s) and/or group(s) to the required roles by entering a list of user names and/or group names separated by semicolons.
  6. To import the security certificates of the LDAP server into the keystore of the JVM used by TomEE, open a console terminal and execute the following commands. Note that some certificates have several intermediate certificates, and all of them should be imported into the keystore.
    cd /d <Isight installation directory>\win_b64\code\jre8\bin
    echo y | keytool.exe -importcert -keystore ..\lib\security\cacerts -storepass <keystore password> -alias <alias> -file <full path of certificate file>
    The default keystore password is usually 'changeit'. The alias can be any alphanumeric string.
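
Because `echo y |` answers keytool's trust prompt automatically, it helps to confirm each certificate's SHA-256 fingerprint before importing. The following added example (not part of the original documentation) splits a PEM chain into one file per certificate, refuses any fingerprint that is not in a caller-supplied trusted set, and builds the step 6 keytool command for each certificate. The function names, the numbered alias scheme and the sample bundle are assumptions; the sample bytes are constructed placeholders, not real certificates.

```python
import base64
import hashlib
import re
from pathlib import Path

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.DOTALL)

def split_chain(pem_text):
    """Return the DER bytes of every certificate in a PEM bundle, in file order."""
    return [base64.b64decode("".join(body.split()), validate=True)
            for body in PEM_BLOCK.findall(pem_text)]

def sha256_fingerprint(der):
    """SHA-256 fingerprint, colon-separated as keytool prints it."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))

def stage_chain(pem_text, alias_prefix, trusted, out_dir, keystore, storepass):
    """Write one file per certificate and return (alias, fingerprint, command).

    trusted: fingerprints confirmed out of band with the LDAP administrator.
    Nothing is written if any certificate in the bundle is not in that set.
    """
    ders = split_chain(pem_text)
    if not ders:
        raise ValueError("no certificates found in bundle")
    prints = [sha256_fingerprint(d) for d in ders]
    unknown = [fp for fp in prints if fp not in trusted]
    if unknown:
        raise ValueError(f"unverified fingerprint(s): {unknown}")
    staged = []
    for n, (der, fp) in enumerate(zip(ders, prints), start=1):
        alias = f"{alias_prefix}{n}"           # one distinct alias per certificate
        path = Path(out_dir) / f"{alias}.cer"
        path.write_bytes(der)
        # Same keytool options as step 6 of the page.
        cmd = ["keytool", "-importcert", "-keystore", keystore,
               "-storepass", storepass, "-alias", alias, "-file", str(path)]
        staged.append((alias, fp, cmd))
    return staged

# Constructed placeholder bytes, NOT real certificates; use your exported chain.
SAMPLE_DER = [b"placeholder: LDAP server", b"placeholder: intermediate CA",
              b"placeholder: root CA"]
SAMPLE_BUNDLE = "".join(
    "-----BEGIN CERTIFICATE-----\n" + base64.b64encode(d).decode()
    + "\n-----END CERTIFICATE-----\n" for d in SAMPLE_DER)
```

Call stage_chain with the text of the exported chain file and the fingerprints obtained from the LDAP administrator, then run each returned command from the JRE bin directory.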