LDAP over SSL/TLS

exception during startup of Oracle Service Registry. It will inform you of a hostname verification error. The stack trace contains the hostname that you must use.

LDAP over SSL With Mutual Authentication

Oracle Service Registry does not support LDAP over SSL with mutual authentication.

Ensuring Trust of the LDAP Server

The client that connects to the SSL/TLS server must trust the server certificate in order to establish communication with that server. The configuration of LDAPS explained above inherits the default rule for establishing trust from JSSE (the Java implementation of SSL/TLS). This is based on trust stores. When a trust store is needed to verify a client/server certificate, it is searched for in the following locations, in order:

1. The file specified by the javax.net.ssl.trustStore system property, if defined;
2. Otherwise the file JAVA_HOME\jre\lib\security\jssecacerts, if it exists;
3. Otherwise the file JAVA_HOME\jre\lib\security\cacerts, if it exists.

It is recommended to use the first option to define a trust store specifically for the application you are running. In this case, you have to change the command that starts the registry (or the JVM environment of the ported registry) to define the following Java system properties:

Property                          Description
javax.net.ssl.trustStore          Absolute path of your trust store file.
javax.net.ssl.trustStorePassword  Password for the trust store file.

To ensure that the server certificate is trusted, you have to:

1. Contact the administrator of the LDAP server and get the certificate of the server or the certificate of the authority that signed it;
2. Import the certificate into the trust store of your choice using the Java keytool:

   keytool -import -trustcacerts -alias alias -file file -keystore keystore -storepass storepass

   where the parameters are as follows:

   alias      A mandatory, unique alias for the certificate in the trust store.
   file       The file containing the certificate (usually with .crt extension).
   keystore   The keystore file of your choice.
   storepass  A password designed to protect the keystore file from tampering. Java-level keystores (cacerts and jssecacerts) usually require the password changeit.
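The following pre-flight check is an added example, not part of the Oracle Service Registry documentation or product. It resolves the trust store in the same order JSSE uses (javax.net.ssl.trustStore, then jssecacerts, then cacerts), loads it, and asks the default X509TrustManager whether the certificate file obtained from the LDAP administrator would be accepted as a server certificate. Running it with the same -Djavax.net.ssl.trustStore and -Djavax.net.ssl.trustStorePassword values you intend to give the registry tells you before startup whether the keytool import took effect. The class name, the command-line argument and the fallback password changeit are assumptions of this example.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.X509TrustManager;

/** Added example (hypothetical class, not Oracle code): is the LDAP server cert trusted? */
public class LdapTrustCheck {

    /** Resolve the trust store file in the documented JSSE order, or fail if none exists. */
    static Path resolveTrustStore() {
        String prop = System.getProperty("javax.net.ssl.trustStore");
        if (prop != null) {
            return Paths.get(prop);
        }
        // On JDK 8 java.home is already the jre directory, so this is JAVA_HOME\jre\lib\security.
        Path security = Paths.get(System.getProperty("java.home"), "lib", "security");
        Path jsse = security.resolve("jssecacerts");
        if (Files.exists(jsse)) {
            return jsse;
        }
        Path cacerts = security.resolve("cacerts");
        if (Files.exists(cacerts)) {
            return cacerts;
        }
        throw new IllegalStateException("no trust store found; set javax.net.ssl.trustStore");
    }

    static KeyStore loadTrustStore(Path path, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        try (InputStream in = new FileInputStream(path.toFile())) {
            ks.load(in, password);
        }
        return ks;
    }

    /** Parse the certificate(s) from a PEM or DER .crt file, leaf first. */
    static X509Certificate[] readChain(Path crt) throws Exception {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        try (InputStream in = new FileInputStream(crt.toFile())) {
            return cf.generateCertificates(in).toArray(new X509Certificate[0]);
        }
    }

    /** True if the default trust manager accepts the chain for a TLS server. */
    static boolean isTrusted(KeyStore trustStore, X509Certificate[] chain) throws Exception {
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        // JSSE expects the key-exchange name here, not the raw key algorithm.
        String authType = "EC".equals(chain[0].getPublicKey().getAlgorithm())
            ? "ECDHE_ECDSA" : "ECDHE_RSA";
        for (TrustManager tm : tmf.getTrustManagers()) {
            if (tm instanceof X509TrustManager) {
                try {
                    ((X509TrustManager) tm).checkServerTrusted(chain, authType);
                    return true;
                } catch (CertificateException e) {
                    System.err.println("not trusted: " + e.getMessage());
                    return false;
                }
            }
        }
        return false;
    }

    public static void main(String[] args) throws Exception {
        // args[0]: the server or CA certificate file obtained from the LDAP administrator.
        Path crt = Paths.get(args[0]);
        Path store = resolveTrustStore();
        String pw = System.getProperty("javax.net.ssl.trustStorePassword", "changeit");
        X509Certificate[] chain = readChain(crt);
        KeyStore ks = loadTrustStore(store, pw.toCharArray());
        System.out.println("trust store: " + store);
        System.out.println("subject:     " + chain[0].getSubjectX500Principal());
        System.out.println("trusted:     " + isTrusted(ks, chain));
    }
}
```

Run it as `java -Djavax.net.ssl.trustStore=/path/to/registry.truststore -Djavax.net.ssl.trustStorePassword=... LdapTrustCheck server.crt`. A "trusted: false" result together with the printed reason (typically a missing issuer in the store) means the keytool import above did not reach the store the JVM actually reads; this check does not cover hostname verification, which the startup exception described earlier reports separately.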

6.1.5. LDAP Configuration Examples

Oracle Internet Directory with Single Search Base

In this example, we show how to configure an Oracle Internet Directory under the LDAP Single Search Base scenario. Figure 35 shows user properties that are stored in the LDAP server.

Figure 35. User Properties in LDAP

Figure 36 shows group properties that are stored in the LDAP server.

Figure 36. Group Properties in LDAP

The following table shows how to configure Oracle Service Registry using this scenario.

Config Property           Config Value                                            See
Java naming provider URL  ldap://localhost:389                                    Figure 27
Initial Naming Factory    com.sun.jndi.ldap.LdapCtxFactory                        Figure 27
Security Principal        cn=Joe Patroni,cn=Users,ou=uddi,dc=in,dc=idoox,dc=com   Figure 27
Security Protocol         simple                                                  Figure 27

User Properties
Search Filter             objectClass=person                                      Figure 29
Search Base               cn=Users,dc=in,dc=idoox,dc=com                          Figure 29
Search Scope              Subtree Scope                                           Figure 29
Result Limit              100                                                     Figure 29
phone                     telephoneNumber                                         Figure 30
loginName                 uid                                                     Figure 30
fullName                  cn                                                      Figure 30
email                     mail                                                    Figure 30

Group Properties
Search Filter             objectClass=groupofuniquenames                          Figure 31
Search Base               cn=Groups,dc=in,dc=idoox,dc=com                         Figure 31
Search Scope              Subtree Scope                                           Figure 31
Result Limit              100                                                     Figure 31
owner                     creatorsName                                            Figure 32
description               description                                             Figure 32
member                    uniqueMember                                            Figure 32
name                      cn                                                      Figure 32
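The program below is an added example, not Oracle Service Registry code: it issues the user and group searches that the table configures directly through JNDI, with the same provider URL, context factory, principal, simple authentication, filters, search bases, subtree scope, result limit and attribute mappings, so the values can be checked against the directory before they are entered into the registry. The class name, the ldap.password system property and its placeholder default are assumptions of this example.

```java
import java.util.Hashtable;
import javax.naming.Context;
import javax.naming.NamingEnumeration;
import javax.naming.NamingException;
import javax.naming.SizeLimitExceededException;
import javax.naming.directory.Attribute;
import javax.naming.directory.Attributes;
import javax.naming.directory.DirContext;
import javax.naming.directory.InitialDirContext;
import javax.naming.directory.SearchControls;
import javax.naming.directory.SearchResult;

/** Added example (hypothetical class, not Oracle code): the single-search-base lookups via JNDI. */
public class OidSingleSearchBase {

    /** JNDI environment built from the "See Figure 27" rows of the table. */
    static Hashtable<String, String> environment() {
        Hashtable<String, String> env = new Hashtable<>();
        env.put(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        env.put(Context.PROVIDER_URL, "ldap://localhost:389");
        env.put(Context.SECURITY_AUTHENTICATION, "simple");  // "Security Protocol: simple"
        env.put(Context.SECURITY_PRINCIPAL, "cn=Joe Patroni,cn=Users,ou=uddi,dc=in,dc=idoox,dc=com");
        // Assumed: bind password supplied as -Dldap.password=...; the placeholder is not a real value.
        env.put(Context.SECURITY_CREDENTIALS, System.getProperty("ldap.password", "<placeholder>"));
        return env;
    }

    /** Subtree scope and a 100-entry limit, as in the table; only mapped attributes are fetched. */
    static SearchControls controls(String... returnedAttributes) {
        SearchControls sc = new SearchControls();
        sc.setSearchScope(SearchControls.SUBTREE_SCOPE);
        sc.setCountLimit(100);
        // creatorsName is operational, so it is only returned when requested explicitly.
        sc.setReturningAttributes(returnedAttributes);
        return sc;
    }

    /** Print each entry as registryProperty=ldapValue pairs using the table's mapping. */
    static int dump(DirContext ctx, String base, String filter, SearchControls sc,
                    String[][] mapping) throws NamingException {
        int count = 0;
        NamingEnumeration<SearchResult> results = ctx.search(base, filter, sc);
        try {
            while (results.hasMore()) {
                Attributes attrs = results.next().getAttributes();
                StringBuilder line = new StringBuilder();
                for (String[] m : mapping) {          // m[0] = registry property, m[1] = LDAP attribute
                    Attribute a = attrs.get(m[1]);
                    line.append(m[0]).append('=').append(a == null ? null : a.get()).append(' ');
                }
                System.out.println(line.toString().trim());
                count++;
            }
        } catch (SizeLimitExceededException e) {
            System.out.println("result limit of 100 reached; raise Result Limit or narrow the filter");
        }
        return count;
    }

    public static void main(String[] args) throws NamingException {
        String[][] userMap = {
            {"loginName", "uid"}, {"fullName", "cn"}, {"email", "mail"}, {"phone", "telephoneNumber"} };
        String[][] groupMap = {
            {"name", "cn"}, {"description", "description"},
            {"member", "uniqueMember"}, {"owner", "creatorsName"} };
        DirContext ctx = new InitialDirContext(environment());
        try {
            System.out.println("-- users --");
            int users = dump(ctx, "cn=Users,dc=in,dc=idoox,dc=com", "(objectClass=person)",
                             controls("uid", "cn", "mail", "telephoneNumber"), userMap);
            System.out.println("-- groups --");
            int groups = dump(ctx, "cn=Groups,dc=in,dc=idoox,dc=com", "(objectClass=groupofuniquenames)",
                              controls("cn", "description", "uniqueMember", "creatorsName"), groupMap);
            System.out.println(users + " users, " + groups + " groups");
        } finally {
            ctx.close();
        }
    }
}
```

The table's example uses plain ldap:// on port 389, so the bind password travels unencrypted; to apply the LDAPS setup from the previous section to this same check, change the provider URL to the ldaps:// address that the server certificate names and start the JVM with the javax.net.ssl.trustStore and javax.net.ssl.trustStorePassword properties described there.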