Configuring LDAP Adapter to use SSL/TLS with Sterling B2B Integrator

To configure Sterling B2B Integrator to use LDAP Adapter with SSL/TLS, you must create or edit the ldap_adapter.property.in file. You can also use the customer_overrides.properties file to set the property values so that they cannot be overwritten by a patch installation.

Before you begin

You must generate the certificate and the keystore to connect to the LDAP Server over SSL.
Follow these steps to generate the keys:
  1. Generate a private key using XCA.
  2. Generate a self-signed certificate using the key by providing the OpenLDAP IP address in SubjectAlternativeName for the certificate.
    
    SubjectAlternativeName[
    IPAddress: 9.199.149.149
    DNSName: lazes1.fyre.ibm.com]
    
  3. Export the key and the certificate from XCA in .pem format.
  4. Place the .pem certificate obtained in the previous step in C:\Openldap\secure\certs and edit the slapd.conf file to point to this certificate.
    
    TLSVerifyClient never
    TLSCipherSuite HIGH:MEDIUM:-SSLv2
    TLSCertificateFile ./secure/certs/onlyIP.pem
    TLSCertificateKeyFile ./secure/certs/onlyIP.pem
    TLSCACertificateFile ./secure/certs/onlyIP.pem
    
  5. Restart the OpenLDAP service.
  6. Connect to the OpenLDAP server in SSL mode using jXplorer or LDAP soft tool.
  7. Save the certificate and create a JKS store using the command:
    
    keytool -import -file <cert location>\ldapCert.der -keystore <directory>\test.jks
    
  8. Place the JKS file in any location accessible to Sterling B2B Integrator and reference it in the ldap_adapter.property.in file.

About this task

To configure LDAP Adapter to use SSL/TLS with Sterling B2B Integrator:

Procedure

  1. Stop Sterling B2B Integrator.
  2. Navigate to the installation directory.
  3. Navigate to the properties directory.
  4. Open the ldap_adapter.property.in file.
  5. In ldap_adapter.property.in, locate the #This is to connect LDAP Adapter over SSL entry.
  6. Below the #This is to connect LDAP Adapter over SSL entry, make the following changes to the LDAP parameters:
    security_protocol=
      Description: Object specifying the security protocol that the provider should use.
      Shipped value: empty
      Change to: SSL

    LDAP_SECURITY_TRUSTSTORE=
      Description: Path to the local truststore. You must have the required LDAP certificates stored in the truststore. You cannot use certificates from trading partners.
      Shipped value: empty
      Change to: Full path to the local truststore.

    LDAP_SECURITY_TRUSTSTORE_PASSWORD=
      Description: Password that allows access to the truststore.
      Shipped value: changeit
      Change to: Password allowing access to the local truststore.

    LDAP_SECURITY_KEYSTORE=
      Description: Path to the local keystore. You must have the required LDAP certificates stored in the keystore. You cannot use certificates from trading partners.
      Shipped value: Inactive path
      Change to: Full path to the local keystore.

    LDAP_SECURITY_KEYSTORE_PASSWORD=
      Description: Password that allows access to the keystore.
      Shipped value: password
      Change to: Password allowing access to the local keystore.

    TLS_VERSION=
      Description: Supported TLS version
      Shipped value: TLS1-TLS1.2
      Change to: Supported TLS version of the server
  7. Save the ldap_adapter.property.in file.
  8. Enter /install_dir/install/bin/setupfiles.sh (UNIX) or \install_dir\install\bin\setupfiles.cmd (Windows) to update LDAP entries into the ldap_adapter.property file from the ldap_adapter.property.in file.
  9. Start Sterling B2B Integrator. The changes to the ldap_adapter.property file are now applied.

    After startup, the system identifies LDAP servers from the ldap_adapter.property file. The system can now perform create, update, read, and delete operations on an LDAP setup using these settings through LDAP Adapter.
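
The following pre-flight check is an added example, not part of the product or of the original procedure. It reads the SSL entries from step 6 in an edited ldap_adapter.property.in and reports settings that are still at their shipped values before setupfiles is run; the function names and the sample file content are constructed for illustration.

```python
from pathlib import PurePosixPath, PureWindowsPath

# Shipped password values, taken from the parameter list in step 6.
SHIPPED_PASSWORDS = {
    "LDAP_SECURITY_TRUSTSTORE_PASSWORD": "changeit",
    "LDAP_SECURITY_KEYSTORE_PASSWORD": "password",
}

def parse_properties(text):
    """Parse key=value lines, skipping blanks and # comments (last value wins)."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        props[key.strip()] = value.strip()
    return props

def is_full_path(path):
    """True for an absolute UNIX path or a Windows path with a drive or UNC root."""
    return PurePosixPath(path).is_absolute() or PureWindowsPath(path).is_absolute()

def check_ldap_ssl(text):
    """Return a list of findings; an empty list means the step 6 entries are set."""
    props = parse_properties(text)
    findings = []
    if props.get("security_protocol", "") != "SSL":
        findings.append("security_protocol is not SSL")
    truststore = props.get("LDAP_SECURITY_TRUSTSTORE", "")
    if not truststore:
        findings.append("LDAP_SECURITY_TRUSTSTORE is empty")
    elif not is_full_path(truststore):
        findings.append("LDAP_SECURITY_TRUSTSTORE is not a full path")
    for key, shipped in SHIPPED_PASSWORDS.items():
        if props.get(key) == shipped:
            findings.append(key + " still has the shipped value")
    if not props.get("TLS_VERSION", ""):
        findings.append("TLS_VERSION is not set")
    return findings

# Constructed sample: the SSL block as it might look before step 6 is applied.
SAMPLE = """#This is to connect LDAP Adapter over SSL
security_protocol=
LDAP_SECURITY_TRUSTSTORE=
LDAP_SECURITY_TRUSTSTORE_PASSWORD=changeit
TLS_VERSION=
"""

if __name__ == "__main__":
    for finding in check_ldap_ssl(SAMPLE):
        print("CHECK:", finding)
```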