Unable to Connect to MSAD LDAP over SSL
Server Version 9.0.2 Standalone
Server Profile: Community
Operating System: CentOS 7 minimal Latest Virtual Machine 4 CPU, 6GB Memory, and 100GB Storage.
Java Version 1.8.0_242
Created a Service account on MSAD with Administrator Rights for Read/Write to User/s OU.
My issue is I need to write Password/Login Name attributes back to MSAD from Keycloak. The only way I see this happening is to enable LDAP over SSL.
My Active Directory contains a CA, Keycloak is configured to use Self-Signed certs with Nginx reverse proxy.
“User Federation” configuration and test connection:
“User Federation” configuration and test authentication:
Error shown in server.log.
I used the following link to configure my truststore.
And the SPI I added in the standalone.xml :
```xml
<spi name="truststore">
    <provider name="file" enabled="true">
        <properties>
            <property name="file" value="/opt/keycloak/keycloak.9.0.2/keystores/truststore.jks" />
            <property name="password" value="secret" />
            <property name="hostname-verification-policy" value="WILDCARD"/>
            <property name="disabled" value="false"/>
        </properties>
    </provider>
</spi>
```
Certs in KeyStore as follows:
I’m unsure what to do at this point.
What I’ve tried was installing the CA from MSAD to Keycloak. Then I tried installing certs from Keycloak to MSAD. No joy.
During my research I have found the same problem as others had, but their solution gave me the same results.
Any advice or direction would be appreciated.
Thanks in advance
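The truststore SPI above makes the JVM do two things on the LDAPS connection: validate the domain controller's certificate chain against truststore.jks and, with hostname-verification-policy WILDCARD, check that the DC's name matches the certificate. The following diagnostic, an added example that is not part of the original post or of Keycloak, repeats those two checks from outside the server with Python's ssl module so the failure can be classified. It assumes the AD CA has been exported from the truststore to a PEM file (the alias name is an assumption; use the one `keytool -list` prints).

```python
"""Classify why an LDAPS (port 636) handshake is rejected by a given CA trust set.

Assumed preparation (alias name is hypothetical, take it from `keytool -list`):
  keytool -exportcert -rfc -keystore truststore.jks -alias ad-root-ca -file ad-ca.pem
"""
import socket
import ssl
import sys

# OpenSSL X509 verify result codes as surfaced in SSLCertVerificationError.verify_code,
# mapped to what a Keycloak admin should fix for each one.
VERIFY_CODE_HINTS = {
    10: "certificate has expired: renew the DC certificate",
    18: "self-signed server certificate: import that exact certificate into truststore.jks",
    19: "self-signed CA in chain not trusted: import the AD root CA into truststore.jks",
    20: "issuer not found locally: import the issuing (sub-)CA and root into truststore.jks",
    21: "leaf signature cannot be verified: the issuing CA is missing from truststore.jks",
    62: "hostname mismatch: use a DNS name from the DC certificate's SAN as the LDAP host",
}


def classify_verify_failure(verify_code: int, verify_message: str = "") -> str:
    """Translate an OpenSSL verify code into an actionable truststore hint."""
    return VERIFY_CODE_HINTS.get(verify_code, f"verification failed ({verify_code}): {verify_message}")


def check_ldaps_trust(host: str, port: int = 636, cafile: str = None, timeout: float = 5.0) -> dict:
    """Connect with chain + hostname validation (as Keycloak does) and report the outcome."""
    ctx = ssl.create_default_context(cafile=cafile)  # trust only the CA(s) in cafile
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                cert = tls.getpeercert()
                dns_names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
                issuer = dict(rdn[0] for rdn in cert["issuer"])
                return {"ok": True, "issuer": issuer, "dns_names": dns_names}
    except ssl.SSLCertVerificationError as exc:
        return {"ok": False, "hint": classify_verify_failure(exc.verify_code, exc.verify_message)}


if __name__ == "__main__":
    # usage: python ldaps_check.py dc01.example.local ad-ca.pem  (host/file names are placeholders)
    print(check_ldaps_trust(sys.argv[1], cafile=sys.argv[2]))
```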