Enabling LDAP over SSL (LDAPS)
ALM supports LDAP communication transfer over secure sockets (SSL). This ensures that users' credentials (passwords) are not sent over the network in an unsecured way. This section describes the configuration steps needed to enable LDAP communication over SSL.
LDAP server configuration
To use SSL for secure LDAP communication, preconfigure the following on the LDAP server.
- Enable SSL.
- Set a secure port (the port is 636 by default).
-
Install a server certificate.
-
Obtain a root certificate (and any intermediate) of the Certificate Authority (CA) that issued the LDAP server certificate.
ALM server configuration
To use SSL for secure LDAP communication, preconfigure the following on the ALM server.
-
A certificate trust store.
In most cases, the default trust store is used. The default trust store is <JAVA_HOME>/jre/lib/security/cacerts (the default password is changeit), where <JAVA_HOME> is the installation location for JDK.
-
To establish trust to the CA that issued the LDAP server certificate, import the root CA certificate into the java trust store using the keytool utility which located in the bin folder of the JAVA_HOME directory.
For example,
Copy codekeytool -import -alias <your LDAP CA> -trustcacerts -file <LDAP CA cert> -keystore <JAVA_HOME>/jre/lib/security/cacerts
If there are any intermediate Certificate Authorities, import their certificates as well.
See also: