MMV
Contributor

How to configure a centralized LDAP connection metadata when the connection is LDAPS

In individual tLDAPConnection, tLDAPInput, etc, when I select LDAPS the Advanced CA check box appears. Once selected, the advanced mode allows you to specify the directory and the keystore password of the certificate file for storing a specific CA. Or you can select the Trust all certs check box.

However, if I try to create a schema as a centralized schema as specified here https://help.qlik.com/talend/en-US/studio-user-guide/8.0-R2024-07/centralizing-ldap-connection-metad... I can't configure these Advanced CA properties, and the connection doesn't work.

What am I missing?

Thank you!


Accepted Solutions
diegozecchini
Specialist

Hi!
When configuring a centralized LDAP connection in Talend for LDAPS, you might encounter limitations in setting Advanced CA properties—such as specifying the certificate directory and keystore password—within the centralized metadata schema. These settings are typically accessible in individual components like tLDAPConnection or tLDAPInput when LDAPS is selected. https://help.qlik.com/talend/en-US/components/7.3/ldap/tldapconnection-standard-properties

An idea is to configure the Advanced CA properties directly within each LDAP component (e.g., tLDAPConnection, tLDAPInput) in your Job. This method allows you to specify the necessary SSL parameters for each component. However, it requires manual configuration for each component, which may not be ideal for large projects.

Or you can set up a truststore at the JVM level, by configuring the Java Virtual Machine (JVM) to recognize your Certificate Authority (CA) by setting up a truststore that includes your LDAP server's certificate. This approach enables all Java applications running on the JVM, including Talend Jobs, to trust the specified certificates without the need for individual component configurations. To implement this:

Create a Java keystore (truststore) containing your LDAP server's certificate.
Configure the JVM options in Talend to use this truststore by adding the following parameters:
-Djavax.net.ssl.trustStore=/path/to/your/truststore
-Djavax.net.ssl.trustStorePassword=yourTruststorePassword

These parameters can be set in the Talend Studio preferences or within the Job's runtime parameters.
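
The two steps in the accepted answer, written as shell functions around the JDK's `keytool`; this is an added example, not part of the original post or of Talend's documentation. The alias `ldap-ca`, the file names and the `TRUSTSTORE_PASS` environment variable are assumptions.

```shell
#!/bin/sh
# Added example: build a truststore for the LDAPS CA and print the JVM options.
# File names, the alias "ldap-ca" and TRUSTSTORE_PASS are assumptions.

# show_fingerprint <ca-cert.pem>
# Print the SHA-256 fingerprint so it can be compared with the value obtained
# out of band from the directory owner before the certificate is trusted.
show_fingerprint() {
    keytool -printcert -file "$1" | grep -i 'SHA256'
}

# build_truststore <ca-cert.pem> <truststore.p12>
# The password is read from TRUSTSTORE_PASS through keytool's ":env" modifier,
# so it does not end up in the shell history.
build_truststore() {
    cert=$1; store=$2
    [ -r "$cert" ] || { echo "certificate not readable: $cert" >&2; return 2; }
    [ -n "${TRUSTSTORE_PASS:-}" ] || { echo "TRUSTSTORE_PASS is not set" >&2; return 3; }
    TRUSTSTORE_PASS="$TRUSTSTORE_PASS" keytool -importcert -noprompt \
        -alias ldap-ca -file "$cert" \
        -keystore "$store" -storetype PKCS12 \
        -storepass:env TRUSTSTORE_PASS || return 4
    # Whoever can write this file decides which servers the JVM trusts.
    chmod 600 "$store"
}

# list_truststore <truststore.p12>: show the entries the JVM will trust.
list_truststore() {
    TRUSTSTORE_PASS="$TRUSTSTORE_PASS" keytool -list \
        -keystore "$1" -storetype PKCS12 -storepass:env TRUSTSTORE_PASS
}

# jvm_trust_opts <truststore.p12>: the options from the answer, one per line.
# This truststore replaces the JVM default (cacerts) for the whole process, so
# any other TLS endpoint the Job calls needs its CA in the same file.
# -D values are visible in the process list; the store holds public certs only.
jvm_trust_opts() {
    [ -n "${TRUSTSTORE_PASS:-}" ] || { echo "TRUSTSTORE_PASS is not set" >&2; return 3; }
    printf '%s\n' \
        "-Djavax.net.ssl.trustStore=$1" \
        "-Djavax.net.ssl.trustStoreType=PKCS12" \
        "-Djavax.net.ssl.trustStorePassword=$TRUSTSTORE_PASS"
}
```

Run `show_fingerprint`, then `build_truststore`, then `list_truststore`, and paste the output of `jvm_trust_opts` into the JVM arguments of the Job or Studio.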

MMV
Contributor
Author

Thank you @diegozecchini! And do you know if these limitations are going to be overcome in future (near) versions?

diegozecchini
Specialist

I am not aware of newer versions without those limitations, unfortunately. You could post it in the Talend community.

Another place to check is Talend's release notes: https://help.qlik.com/talend/en-US/release-notes/8.0/about-talend-release-notes