We are trying to import our G-Suite users into Crowd using Google's LDAP service. G-Suite requires a client certificate for LDAP authentication. There is no way in Crowd to provide a client certificate to any of the built-in directory connectors. We tried several, but we think the correct choice is probably OpenLDAP.
I tried following the instructions offered by Google for connecting Jira to their LDAP service. We already have a key-store that we use for our TLS cert in $CROWD_INSTALL_DIR/shared/ssl.jks. So I modified the setenv.sh file to include the following.
JAVA_OPTS="-Xms128m -Xmx512m -Dfile.encoding=UTF-8 $JAVA_OPTS"
echo "$JAVA_OPTS"
JAVA_OPTS="-Djavax.net.ssl.keyStore=/var/crowd-home/shared/ssl.jks -Djavax.net.ssl.keyStorePassword=fake $JAVA_OPTS"
export JAVA_OPTS
I then specified the rest of the configuration, including username and password, through the web interface. But I got the same result as without any client certificate.
How do we provide this client certificate to Google?
As you pointed out, there is no option to configure certificate authentication in Crowd's LDAP directory connector at this time. Thus I suggest that you use stunnel as recommended by Google in such cases.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.