Secure LDAP address book using OpenDJ and Thunderbird on OpenIndiana

For testing secure LDAP address book connectivity using OpenDJ 2.4.0 and Thunderbird 3.1.6, running on OpenIndiana oi_147, one can use the following procedure.

This assumes you have already installed and are running OpenDJ 2.4.0, and that you chose to generate a self-signed certificate during setup. In the example below, afterburner is the name of my server. OpenDJ is running as a local instance.


In the Thunderbird application preferences, point to the LDAP server for address autocompletion. In this example we are using port 1636 for secure LDAP access:

Thunderbird - use a secure LDAP address book

Apply settings, and attempt to address a recipient in a new message. You should be presented with an error message:

Thunderbird - secure connection failed

Click “View Certificate”. In the window that appears, click on the “Details” tab, and click the “Export…” button:

Thunderbird - export certificate

Save the certificate somewhere convenient. The default certificate format (“X.509 Certificate (PEM)”) appears to work fine.

Go back to your Thunderbird preferences, and view your installed certificates:

Thunderbird - view installed certificates

Click on the “Servers” tab, and import the certificate you saved in the previous step:

Thunderbird - import a saved certificate

Edit the certificate properties, and tell Thunderbird to trust the authenticity of the certificate:

Thunderbird - edit certificate properties

Thunderbird - trust certificate authenticity

That’s it. You may need to restart Thunderbird for the settings to take effect, but if all has gone well you should have anonymous secure access to the local LDAP service.
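Because the certificate is self-signed, Thunderbird cannot tell whether the file exported from the error dialog is really the one OpenDJ generated, so it is worth comparing fingerprints before ticking the trust box. The following is an added example, not part of the original procedure: the function names and the file name are hypothetical, and it assumes the trusted fingerprint was read on the server itself (for instance by calling `presented_fingerprint("localhost")` on afterburner).

```python
import hashlib
import hmac
import re
import ssl
import sys

PEM_BEGIN = "-----BEGIN CERTIFICATE-----"

def cert_fingerprint(pem_text):
    """SHA-256 fingerprint (lowercase hex) of the single certificate in pem_text."""
    pem = pem_text.strip()
    if pem.count(PEM_BEGIN) != 1:
        raise ValueError("expected exactly one certificate in the exported file")
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem)).hexdigest()

def normalize_fingerprint(fp):
    """Accept 'AB:CD:...' or plain hex; return 64 lowercase hex characters."""
    cleaned = re.sub(r"[:\s]", "", fp).lower()
    if not re.fullmatch(r"[0-9a-f]{64}", cleaned):
        raise ValueError("not a SHA-256 fingerprint")
    return cleaned

def exported_cert_matches(pem_text, trusted_fp):
    """True only if the exported certificate hashes to the trusted fingerprint."""
    return hmac.compare_digest(cert_fingerprint(pem_text),
                               normalize_fingerprint(trusted_fp))

def presented_fingerprint(host, port=1636):
    """Fingerprint of whatever the LDAPS port presents (fetched without validation)."""
    return cert_fingerprint(ssl.get_server_certificate((host, port)))

# Constructed sample: arbitrary bytes standing in for a DER certificate, so the
# comparison logic can be exercised offline. It is not a real certificate.
SAMPLE_DER = bytes(range(256)) * 3
SAMPLE_PEM = ssl.DER_cert_to_PEM_cert(SAMPLE_DER)

if __name__ == "__main__":
    # Usage (hypothetical file name): python check_cert.py exported.pem AB:CD:...
    with open(sys.argv[1]) as handle:
        ok = exported_cert_matches(handle.read(), sys.argv[2])
    print("match" if ok else "MISMATCH: do not mark this certificate as trusted")
    sys.exit(0 if ok else 1)
```

A mismatch means the certificate Thunderbird saw is not the one the server holds, and it should not be imported as trusted.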
