Enabling LDAP over SSL (LDAPS)

ALM supports LDAP communication transfer over secure sockets (SSL). This ensures that users' credentials (passwords) are not sent over the network in an unsecured way. This section describes the configuration steps needed to enable LDAP communication over SSL.

In this topic:

LDAP server configuration

To use SSL for secure LDAP communication, preconfigure the following on the LDAP server.

• Enable SSL.
• Set a secure port (the port is 636 by default).

• Install a server certificate.

• Obtain a root certificate (and any intermediate) of the Certificate Authority (CA) that issued the LDAP server certificate.

Back to top

ALM server configuration

To use SSL for secure LDAP communication, preconfigure the following on the ALM server.

1. A certificate trust store.

   In most cases, the default trust store is used. The default trust store is <JAVA_HOME>/jre/lib/security/cacerts (the default password is changeit), where <JAVA_HOME> is the installation location for JDK.

2. To establish trust to the CA that issued the LDAP server certificate, import the root CA certificate into the java trust store using the keytool utility which located in the bin folder of the JAVA_HOME directory.

   For example,

   Copy code

   keytool -import -alias <your LDAP CA>  -trustcacerts -file <LDAP CA cert>  -keystore <JAVA_HOME>/jre/lib/security/cacerts

   If there are any intermediate Certificate Authorities, import their certificates as well.

Back to top

See also:

• Define multi LDAP settings
• Import users from LDAP