Hi to all
I am trying to configure the IHS add-on to enable certificate authentication, so that users don’t have to put passwords; they are only authenticated with their personal certificates. To do this, I’m trying to exploit the “ldap.prop” file (IBM\Domino\ihs\conf). Until now, when a user connects to the web page, he is asked to put his client certificate, but after that, he is prompted to put his login/password…
I found an article in the IBM doc that deals with LDAP integration:
http://pic.dhe.ibm.com/infocenter/wasinfo/v6r1/index.jsp?topic=%2Fcom.ibm.websphere.ihs.doc%2Finfo%2Fihs%2Fihs%2Ftihs_ldapconfig.html
So in my domino.conf, I added these lines:
LoadModule ibm_ldap_module modules/IBMModuleLDAP.dll
<Location "${DOMINO_DOCUMENT_ROOT}">
AllowOverride None
#AuthType Basic
AuthType Cert
AuthName "Pico Homepage"
LdapConfigFile D:\IBM\Domino\ihs\conf\ldap.prop
require valid-user
Order allow,deny
Allow from all
</Location>
But when I restart the HTTP task in Domino, I get this error:
[0CE8:0002-0A10] 25/10/2013 11:35:20 HTTP Server: Could not detect IBM HTTP Server process, verify that the IBM HTTP Server started and there are no errors. Check IBM HTTP Server error.log file for possible causes.
After verification, I found that the line LdapConfigFile D:\IBM\Domino\ihs\conf\ldap.prop is the one causing the crash of IHS. I tried many formats of the ldap.prop directory, but without success. Since I cannot find any error message in the IHS log file, I’m a little stuck now… Any suggestions?
ldap.prop config:
ldap.URL=ldap://ics.domain.com/o=Domino
ldap.transport=TCP
ldap.application.authType=Basic
ldap.application.DN=cn=wpsadmin,o=domino
ldap.application.password.stashFile=ldap.sth
ldap.user.authType=Cert
ldap.user.cert.filter=(&(objectclass=person)(cn=%v1))
ldap.group.name.filter=(&(cn=%v1)(|(objectclass=groupofnames)(objectclass=groupofuniquenames)))
ldap.group.memberAttributes=member uniquemember
ldap.idleConnection.timeout=600
ldap.waitToRetryConnection.interval=300
ldap.search.timeout=10
ldap.cache.timeout=600