Enabling LDAP over SSL (LDAPS)

ALM supports LDAP communication transfer over secure sockets (SSL). This ensures that users' credentials (passwords) are not sent over the network in an unsecured way. This section describes the configuration steps needed to enable LDAP communication over SSL.

LDAP server configuration

To use SSL for secure LDAP communication, preconfigure the following on the LDAP server.

  • Enable SSL.
  • Set a secure port (the port is 636 by default).
  • Install a server certificate.

  • Obtain a root certificate (and any intermediate) of the Certificate Autority (CA) that issued the LDAP server certificate.

Back to top

ALM server configuration

To use SSL for secure LDAP communication, preconfigure the following on the ALM server.

  1. A certificate trust store.

    In most cases, the default trust store is used. The default trust store is <JAVA_HOME>/jre/lib/security/cacerts (the default password is changeit), where <JAVA_HOME> is the installation location for the JDK that comes with ALM (for example, <ALM installation path>\java\jre).

  2. To establish trust to the CA that issued the LDAP server certificate, import the root CA certificate into the java trust store using the keytool utility which located in the bin folder of the JAVA_HOME directory.

    For example,

    Copy code
    keytool -import -alias <your LDAP CA>  -trustcacerts -file <LDAP CA cert>  -keystore <JAVA_HOME>/jre/lib/security/cacerts

    If there are any intermediate Certificate Authorities, import their certificates as well.

Back to top

See also: