Most LDAP servers support encrypted communication over LDAP/SSL (ldaps, port 636), and LUNA can be configured to use this protocol.
First, generate a keystore that will hold the certificate from your LDAP server. With Java 1.5 in your PATH variable, execute:
keytool -genkey -alias mydomain -keyalg RSA -keystore keystore.jks
Replace "mydomain" with your domain name and enter the information about your institution. A file called "keystore.jks" will be created. Copy it to a location that is accessible by LUNA and set its permissions so that the file is readable by the system user running JBoss/Tomcat.
Second, obtain the trusted CA certificate that signed your LDAP server's certificate from your LDAP server administrator (example: equifax.crt). The certificate is needed to verify the LDAP server certificate when making a secure connection. Execute the following command to import the certificate into your keystore:
keytool -import -trustcacerts -alias root -file equifax.crt -keystore keystore.jks
Then update your applicationContext.xml in LUNA, in the following section:
<bean id="ldapAuthenticationSearch" class="com.luna.insight.client.security.ldap.LDAPAuthenticationSearchImpl">
    <property name="ldapUserAttribute" value="insightUser"/>
    <property name="ldapURL" value="ldaps://ldap.myorg.edu"/>
    <property name="baseDN" value="dc=myorg,dc=edu"/>
    <property name="loginSSL" value="1"/>
    <property name="trustStorePath" value="/usr/local/insight/LunaImaging/6.x/LUNA/keystore.jks"/>
    <property name="ldapSearchFilters">
        <list>
            <value>(uid={0})</value>
        </list>
    </property>
    <property name="ldapSearchAttributes">
        <list>
            <value>insightUser</value>
        </list>
    </property>
    <property name="ldapSecurityPrincipal" value="{0}"/>
    <property name="ldapSecurityPrincipalAttributes" value="dn"/>
</bean>
Set:
ldapURL to the URL of the LDAP server, using the "ldaps://" prefix instead of "ldap://"
loginSSL to 1
trustStorePath to the path of the keystore file generated above
Then restart JBoss/Tomcat for the change to take effect.
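As an added check (example script, not part of LUNA or its documentation), the following POSIX shell functions verify that applicationContext.xml carries the settings above and that the imported CA is present in the keystore as a trusted entry; the property names come from this page, while the store password and CA alias are arguments because the page does not fix them.

```shell
#!/bin/sh
# Added example, not LUNA's own code: sanity-check the LDAPS settings this page asks for.
# Assumes the bean property names shown on this page (ldapURL, loginSSL, trustStorePath).

# Print the value of one <property name="..." value="..."/> element in a Spring XML file.
prop_value() {
    sed -n "s/.*name=\"$2\" value=\"\([^\"]*\)\".*/\1/p" "$1" | head -n 1
}

# check_ldaps_config FILE: returns 0 if ldapURL uses ldaps:// and loginSSL is 1, else 1.
# A plain ldap:// URL would send the bind credentials in clear text.
check_ldaps_config() {
    url=$(prop_value "$1" ldapURL)
    ssl=$(prop_value "$1" loginSSL)
    store=$(prop_value "$1" trustStorePath)
    rc=0
    case "$url" in
        ldaps://*) echo "ok:   ldapURL is $url" ;;
        *)         echo "FAIL: ldapURL must start with ldaps:// (got '$url')"; rc=1 ;;
    esac
    if [ "$ssl" = "1" ]; then echo "ok:   loginSSL=1"
    else echo "FAIL: loginSSL must be 1 (got '$ssl')"; rc=1; fi
    # Run this as the JBoss/Tomcat user: the store must be readable by that account.
    if [ -n "$store" ] && [ -r "$store" ]; then echo "ok:   truststore $store is readable"
    else echo "WARN: trustStorePath '$store' is not readable by $(id -un)"; fi
    return $rc
}

# check_truststore STORE ALIAS PASSWORD: the CA must be stored as a trustedCertEntry,
# otherwise the server certificate cannot be validated and the secure bind fails.
check_truststore() {
    keytool -list -keystore "$1" -alias "$2" -storepass "$3" 2>/dev/null \
        | grep -q trustedCertEntry
}

# Demo on a constructed applicationContext.xml fragment (not a real LUNA install).
tmp=$(mktemp)
cat > "$tmp" <<'EOF'
<bean id="ldapAuthenticationSearch" class="com.luna.insight.client.security.ldap.LDAPAuthenticationSearchImpl">
    <property name="ldapURL" value="ldaps://ldap.myorg.edu"/>
    <property name="loginSSL" value="1"/>
    <property name="trustStorePath" value="/usr/local/insight/LunaImaging/6.x/LUNA/keystore.jks"/>
</bean>
EOF
check_ldaps_config "$tmp"
rm -f "$tmp"
```

Invoke `check_truststore /path/to/keystore.jks root <storepass>` on the real host after the import step; it exits non-zero if the alias is missing or was stored as a private key entry instead of a trusted certificate.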