This section explains how to configure the authentication.properties file settings that enable Blackboard Learn, using LDAP authentication, to communicate with an LDAP Server over SSL. No extra entries need to be added to the authentication.properties file. The Administrator simply needs to set the appropriate properties correctly (see table below).
The SSL Choice option in the Administrator Panel is used to secure communication between Blackboard Learn and the client machine. To learn more, see SSL Choice.
| Property | Description |
|---|---|
| auth.type.ldap.server_url.x | When the LDAP server is set up to communicate over SSL, this property should be: ldap://directory.university.edu. Administrators may need to append the port number depending upon the configuration. |
| auth.type.ldap.server_ssl.x | Must be set to "true" or "false". If set to "true", the module will attempt to connect to the LDAP directory using SSL. The LDAP server must be set up to handle SSL connections. |
Run PushConfigUpdates after editing the properties file. To learn more, see PushConfigUpdates. Finally, copy the JSSE, JNET, and JCERT files from apps/tomcat/systemlib into the $JAVA_HOME/jre/lib/ext directory as shown in the next section.
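As an added check, not part of Blackboard's documentation or code, the following Python script reads the two properties above out of an authentication.properties file and flags any configured LDAP server whose server_ssl value is not the literal "true" or "false", or is "false". The numeric x indices and the sample fragment are constructed assumptions.

```python
"""Lint LDAP-over-SSL settings in a Blackboard Learn authentication.properties file (added example).
Property names follow the page; numeric x indices and the sample values are constructed assumptions."""
import re

# Constructed sample fragment: server 1 is correct, servers 2 and 3 are not.
SAMPLE_PROPERTIES = """\
# LDAP servers (constructed example)
auth.type.ldap.server_url.1=ldap://directory.university.edu:636
auth.type.ldap.server_ssl.1=true
auth.type.ldap.server_url.2=ldap://legacy.university.edu
auth.type.ldap.server_ssl.2=false
auth.type.ldap.server_url.3 : ldap://other.university.edu
auth.type.ldap.server_ssl.3=yes
"""

LDAP_KEY = re.compile(r"^auth\.type\.ldap\.(server_url|server_ssl)\.(\d+)$")

def parse_properties(text):
    """Minimal Java .properties reader: skips blank, '#' and '!' lines, splits on '=' or ':'."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        m = re.match(r"([^=:\s]+)\s*[=:]\s*(.*)$", line)
        if m:
            props[m.group(1)] = m.group(2).strip()
    return props

def check_ldap_ssl(props):
    """Return [(server_index, finding), ...]; an empty list means every server is SSL-enabled."""
    servers = {}
    for key, value in props.items():
        m = LDAP_KEY.match(key)
        if m:
            servers.setdefault(m.group(2), {})[m.group(1)] = value
    findings = []
    for idx in sorted(servers, key=int):
        cfg = servers[idx]
        if "server_url" not in cfg:
            findings.append((idx, "server_url is missing"))
        ssl = cfg.get("server_ssl")
        if ssl not in ("true", "false"):  # the page requires these literal strings
            findings.append((idx, f"server_ssl must be 'true' or 'false', got {ssl!r}"))
        elif ssl == "false":
            findings.append((idx, "server_ssl is false: directory traffic is not protected by SSL"))
    return findings
```

Run it against the live file with `check_ldap_ssl(parse_properties(open(path).read()))` before PushConfigUpdates; an empty result means every configured server is set to use SSL.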
How to Configure LDAP Authentication with SSL for the JAVA Runtime Environment (JRE)
- Copy the following three files to the JAVA_HOME/jre/lib/ext directory:
- Add the following to the JAVA_HOME/jre/lib/security/java.security file:
- If there are already security providers listed, and the first one is sun.security.provider.Sun, a security.provider.X entry should be added to the end of the list.
- Import the signed public SSL certificate. Administrators configuring a fresh install of Blackboard Learn should import a certificate for each LDAP server into the application server's repository of trusted certificates. This is done through the keytool utility.
How to Configure Contextual Error Messages for LDAP
The default error message does not report the cause of the error to the user when LDAP Authentication fails. Use the auth.type.ldap.context_factory property to display contextual error messages to users.
For each LDAP server configured, set the auth.type.ldap.context_factory property. This property references the class used for creating contexts, which needs to be server-specific. The options are:
- Any server that supports the Netscape password policy response controls spec: any breed of Netscape Directory Server, including RedHat, SunONE, OpenLDAP, and others.
- Any server that supports the IETF standard password policy attributes (passwordExpirationTime) but not response controls, for example, Novell Directory Server.
The PasswordPolicyContextFactory is used by default. If the PasswordPolicyContextFactory is used, the authentication module must be configured to use a valid privileged user (one that can search and access the passwordExpirationTime attribute of any user) for the proper error message to be shown.