Page Navigation

• Configuration File Details
• Set LDAP Users to Use Normal or Custom Authentication
• Synchronizing LDAP Users
• LDAP Binding with Clear Text or SSL

Most Read

• Web Services
• Code Sections
• Available Workflow Triggers
• Cascade Server CMS Primer
• Cascade Server CMS Primer Advanced
• Available System Tags
• System View Tags
• Available Plug-ins
• Authentication
• Data Definition Schema Reference

• Cascade Server 7.0 Beta 2 Release Notes
• Cascade Server 6.10.9 Release Notes
• Cascade Server 6.10.8 Release Notes
• Cascade Server 7.0 Beta Release Notes
• Cascade Server 6.10.7 Release Notes
• Cascade Server 6.10.6 Release Notes
• Cascade Server 6.10.5 Release Notes
• Cascade Server 6.10.4 Release Notes
• Cascade Server 6.10.3 Release Notes
• Cascade Server 6.10.2 Release Notes

LDAP Binding with Clear Text or SSL

As of version 4.1+, Cascade can bind to LDAP server using either multiple methods of binding to the LDAP server are now supported. A <binding> element (child of <ldap-synchronization-configuration>/<options>/<server>) in the configuration allows users to specify one of two binding implementations:

• com.hannonhill.cascade.model.security.ldap.bind.LDAPCleartextBind
• com.hannonhill.cascade.model.security.ldap.bind.LDAPSSLBind

Clear-text Bind

A clear-text bind is one in which the network traffic between Cascade and the LDAP server is not encrypted. It does not require any additional parameters:

<binding <classname>com.hannonhill.cascade.model.security.ldap.bind.LDAPCleartextBind</classname> </binding>

Clear-text bind is also the default binding method if the <binding> element is omitted.

SSL Bind

When using an SSL bind, all of the network traffic is SSL-encrypted. The SSL binding class makes use of the following parameters:

• javax.net.ssl.keyStore – the location of the SSL keystore on the Cascade server
• javax.net.ssl.keyStorePassword – the password of the SSL keystore on the Cascade server
• trust-server-certificate – whether or not you wish to trust the server certificate automatically. If you do not install the client certificate into the SSL keystore on the server running Cascade, this parameter should be set to "yes" or "true" to ensure that the SSL handshake succeeds. If ommitted, this setting defaults to false.

<binding> <classname>com.hannonhill.cascade.model.security.ldap.bind.LDAPSSLBind</classname> <parameter> <name>javax.net.ssl.keyStore</name> <value>C:/Java/jdk/jdk1.5.0_06/jre/lib/security/keystore</value> </parameter> <parameter> <name>javax.net.ssl.keyStorePassword</name> <value>hannon</value> </parameter> <parameter> <name>trust-server-certificate</name> <value>yes</value> </parameter> </binding>

Additional Notes

The binding method will be used both for authentication as well as user synchronization.

The LDAPSSLBind implementation currently supports SSLv3.