The security type to use for communications with the LDAP server. Use one of the following options:

- `ClearText`. Use plain text communications.
- `SSL`. Use Secure Socket Layer (SSL/TLS) communications. Use this option to connect to an LDAPS port. If you choose this option you might need to set the parameter LDAPPort. Port 636 is often used for LDAPS.
- `TLS`. Use StartTLS. Use this option to connect to a normal LDAP port but upgrade the connection to use SSL/TLS.
- `Kerberos`. Use Kerberos security for communications.
NOTE: When you are using a Kerberized LDAP server, you must also set LDAPKerberosRealm to the Kerberos realm. In addition, you must either:

- `kinit` has been performed by a user that can access LDAP using the SASL GSSAPI mechanism. Community can use Kerberos credentials held in its environment, so in this case BaseDN and BaseDNPassword are not required.

NOTE: IDOL uses OpenLDAP to provide LDAP support on most platforms, and the Microsoft LDAP implementation on Windows. You might need to make some changes in the environment.
For example, to use SSL communications, you must install the SSL certificate of the LDAP server for the user that runs IDOL Server. You must also turn off client certificate verification on the LDAP server, or create a client certificate for IDOL Server (signed by a Certification Authority (CA) that the LDAP server trusts).

On Windows, you can ensure that the LDAP server SSL certificate is trusted by adding the correct certificates to your "Trusted Root Certification Authorities" store. With OpenLDAP on Linux, you can configure TLS options such as the minimum TLS protocol version and the SSL certificate paths by changing the parameters in your `ldap.conf` configuration file.
| Property | Value |
|---|---|
| Type | String |
| Default | ClearText |
| Required | No |
| Configuration Section | MySecurityRepository |
| Example | LDAPSecurityType=SSL |
| See Also | LDAPPort, LDAPServer, LDAPKerberosRealm |
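The following configuration section is an added example, not part of the IDOL documentation; it shows the default plain-text setting next to the hardened LDAPS setting, using only the section and parameter names from this page. The LDAP host name and the Kerberos realm are placeholders, and the section name MySecurityRepository is the example name the page uses.

```ini
// Added example: an IDOL Community LDAP security repository section.
// Host name and realm are placeholders; section and parameter names
// are the ones documented on this page.
[MySecurityRepository]
LDAPServer=ldap.example.com

// Weak (default) setting: bind credentials and directory queries cross
// the network unencrypted. Shown commented out for comparison.
// LDAPSecurityType=ClearText
// LDAPPort=389

// Hardened setting: connect to the LDAPS port so the whole session is
// encrypted from the first byte. The LDAP server certificate must be
// trusted by the user that runs IDOL Server.
LDAPSecurityType=SSL
LDAPPort=636

// Alternative for a server that only exposes the normal LDAP port but
// supports StartTLS: keep LDAPPort=389 and set LDAPSecurityType=TLS so
// the connection is upgraded to SSL/TLS after it is opened.

// Alternative for a Kerberized server: set LDAPSecurityType=Kerberos and
// LDAPKerberosRealm=EXAMPLE.COM (placeholder realm). If kinit has been
// performed in the environment Community runs in, BaseDN and
// BaseDNPassword are not required.
```

With the SSL or TLS setting on Linux, the trust decision is made by the OpenLDAP client library, so the CA certificate path and the minimum protocol version come from `ldap.conf` (for example the `TLS_CACERT` and `TLS_PROTOCOL_MIN` directives, which are standard OpenLDAP client options rather than IDOL parameters); a certificate that is not trusted there causes the bind to fail rather than silently downgrading to plain text.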