ISSUE:
Openfire cannot authenticate or connect to LDAP when LDAPS (LDAP over SSL) is used.
CAUSE:
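Prior to 3.10.2, certificate validation was not performed when connecting to LDAP over SSL. From 3.10.2 on, the LDAP server's certificate must be trusted by the JRE that runs Openfire, otherwise the connection fails.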
RESOLUTION:
Import the LDAP server certificate into the JRE truststore.
Please ensure you have proper backups before starting.
Locate the JRE used by Openfire, then run the command for your platform, adapting the example paths and certificate file names below.
Windows:
"C:\Program Files (x86)\Java\jre1.8.0_45\bin\keytool" -importcert -keystore "C:\Program Files (x86)\Java\jre1.8.0_45\lib\security\cacerts" -storepass changeit -file ROOTCA.cer -noprompt
Linux:
sudo /usr/java/default/bin/keytool -keystore /usr/java/default/lib/security/cacerts -importcert -file cachain.crt -storepass changeit -noprompt
Restart Openfire
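
To confirm the import before restarting, the following added example (not part of the original article or of Openfire) compares the fingerprints of every certificate in the imported file with the fingerprints listed by `keytool -list` for the truststore. The function names are hypothetical, and the parser assumes the fingerprint line formats keytool prints (SHA1 on Java 8, SHA-256 on newer releases, both with `-v`).

```python
import hashlib
import re
import ssl
import subprocess
import sys

PEM_BLOCK = re.compile(
    rb"-----BEGIN CERTIFICATE-----.*?-----END CERTIFICATE-----", re.S)
# Assumed keytool formats: "... (SHA1): AA:BB", "... (SHA-256): AA:BB", "SHA256: AA:BB"
FP_LINE = re.compile(
    r"(SHA-?1|SHA-?256)\)?:\s*((?:[0-9A-F]{2}:)+[0-9A-F]{2})", re.I)


def cert_fingerprints(data: bytes) -> list:
    """One {'sha1', 'sha256'} dict per certificate in a PEM or DER file."""
    blocks = PEM_BLOCK.findall(data)
    # A file without PEM markers (e.g. a binary .cer) is hashed as raw DER.
    ders = [ssl.PEM_cert_to_DER_cert(b.decode("ascii")) for b in blocks] or [data]
    return [{"sha1": hashlib.sha1(d).hexdigest().upper(),
             "sha256": hashlib.sha256(d).hexdigest().upper()} for d in ders]


def truststore_fingerprints(keytool_list_output: str) -> set:
    """Every SHA-1/SHA-256 fingerprint printed by `keytool -list`, colons removed."""
    return {m.group(2).replace(":", "").upper()
            for m in FP_LINE.finditer(keytool_list_output)}


def missing_certs(cert_data: bytes, keytool_list_output: str) -> list:
    """0-based indexes of certificates in the file that the truststore lacks."""
    trusted = truststore_fingerprints(keytool_list_output)
    return [i for i, fp in enumerate(cert_fingerprints(cert_data))
            if fp["sha1"] not in trusted and fp["sha256"] not in trusted]


if __name__ == "__main__":
    # usage: python check_truststore.py <keytool> <cacerts> <cert-file>
    keytool, cacerts, cert_file = sys.argv[1:4]
    listing = subprocess.run(
        [keytool, "-list", "-keystore", cacerts, "-storepass", "changeit"],
        capture_output=True, text=True, check=True).stdout
    with open(cert_file, "rb") as fh:
        missing = missing_certs(fh.read(), listing)
    print("all certificates present" if not missing
          else f"not in truststore, certificate index(es): {missing}")
    sys.exit(1 if missing else 0)
```

A non-zero exit status means at least one certificate in the file (for example an intermediate in cachain.crt) is not in the truststore of the JRE that was checked.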