Decision Management (ODM,ADS)


LDAPS binding on ODM 8.10.5 / Certified K8s (AKS)

  • 1.  LDAPS binding on ODM 8.10.5 / Certified K8s (AKS)

    Posted Fri May 28, 2021 02:59 PM
    Hi,

    We've deployed ODM 8.10.5 on Azure Kubernetes and followed the instructions for ODM production deployment on certified k8s to configure webSecurity.xml and imported our certs into a truststore.jks which we've provided to the Helm chart. 

    Although we're now able to log in (authenticate) using our LDAPS directory (MS Active Directory), we cannot get the LDAPS connection settings in Decision Center to work to pull groups/users into the application as described in https://www.ibm.com/docs/en/odm/8.10?topic=access-synchronizing-users-groups-in-decision-center. We get a 'simple bind failed' error in the application and 'Connection Reset' in the logs. We've tried defining the LDAPS connection in an XML config file (as described in Configuring user access without OpenID) as well as through the UI with the same result.

    Any suggestions?

    Vincent Owens
    Solution Architect, Capgemini UK

    ------------------------------
    Vincent Owens
    ------------------------------


  • 2.  RE: LDAPS binding on ODM 8.10.5 / Certified K8s (AKS)

    Posted Fri May 28, 2021 03:14 PM
    If you are using a secure connection, it could be an issue with the certificate not being accepted by DC, possibly because the application relies on the JVM truststore and not the Liberty one.
    You could set the truststore in the jvm.options to verify if this is the problem.

    You might get more detail by enabling this trace:
    com.ibm.rules.decisioncenter.userregistry=all

    https://www.ibm.com/docs/en/odm/8.10?topic=kubernetes-customizing-log-levels



    ------------------------------
    Alain Robert
    ------------------------------
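
One way to test the truststore hypothesis from the reply above is to attempt the same TLS handshake twice from inside the Decision Center container: once with the JVM's default trust store and once with the truststore.jks given to the Helm chart. This is an added example, not code from the posters or from IBM; the class name `LdapsTrustProbe` is hypothetical, and the host, port, file path and password are supplied as arguments.

```java
import java.io.FileInputStream;
import java.io.InputStream;
import java.security.KeyStore;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

// Hypothetical diagnostic (not part of ODM or Liberty).
// Usage: java LdapsTrustProbe <ldaps-host> <port> <truststore.jks> <store-password>
public class LdapsTrustProbe {

    // Build an SSLContext trusting the given store; null selects the JVM default
    // (cacerts, or whatever javax.net.ssl.trustStore points to in jvm.options).
    static SSLContext contextFor(KeyStore trustStore) throws Exception {
        TrustManagerFactory tmf =
            TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(trustStore);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    // Attempt a TLS handshake only (no LDAP bind) and describe the outcome.
    static String handshake(SSLContext ctx, String host, int port) {
        try (SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(host, port)) {
            s.setSoTimeout(10_000);
            s.startHandshake();
            return "OK, " + s.getSession().getProtocol()
                 + ", server cert subject: " + s.getSession().getPeerPrincipal();
        } catch (Exception e) {
            // A PKIX/SSLHandshakeException here means the server chain is not trusted.
            return "FAILED: " + e;
        }
    }

    public static void main(String[] args) throws Exception {
        if (args.length != 4) {
            System.err.println("usage: LdapsTrustProbe <host> <port> <truststore.jks> <password>");
            System.exit(2);
        }
        String host = args[0];
        int port = Integer.parseInt(args[1]);
        KeyStore jks = KeyStore.getInstance("JKS");
        try (InputStream in = new FileInputStream(args[2])) {
            jks.load(in, args[3].toCharArray());
        }
        System.out.println("JVM default trust store: " + handshake(contextFor(null), host, port));
        System.out.println("Supplied truststore.jks: " + handshake(contextFor(jks), host, port));
    }
}
```

If the first line fails with a certificate path error and the second succeeds, the JVM is not using the supplied truststore, which matches the reply's suggestion to set it in jvm.options. If both lines fail the same way, the trust store is not what separates success from failure.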