Configuring LDAP Adapter to use SSL/TLS with Sterling B2B Integrator
To configure Sterling B2B Integrator to use LDAP Adapter with SSL/TLS, you must create/edit the ldap_adapter.property.in file. You can also use the customer_overrides.properties file to set the property values that cannot be overwritten by a patch installation.
Before you begin
- Generate a private key using XCA.
- Generate a self-signed certificate using the key by providing the OpenLDAP IP address in SubjectAlternativeName for the certificate.
    SubjectAlternativeName[ IPAddress: 220.127.116.11 DNSName: lazes1.fyre.ibm.com]
- Export the key and the certificate from XCA in
- Place the pem certificate obtained in the above step in C:\Openldap\secure\certs and edit the slapd.conf file to point to this certificate.
    TLSVerifyClient never
    TLSCipherSuite HIGH:MEDIUM:-SSLv2
    TLSCertificateFile ./secure/certs/onlyIP.pem
    TLSCertificateKeyFile ./secure/certs/onlyIP.pem
    TLSCACertificateFile ./secure/certs/onlyIP.pem
- Restart the
- Connect to the OpenLDAP server in SSL mode using jXplorer or LDAP soft tool.
- Save the certificate and create a JKS store using the keytool command:
    keytool -import -file <cert location>\ldapCert.der -keystore <directory>\test.jks
- Place the JKS file in any location accessible to Sterling B2B Integrator and reference it in the ldap_adapter.property.in file.
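A TLS client that verifies the server identity compares the host it connects to against the certificate's SubjectAlternativeName: an IP literal is matched only against IPAddress entries, and a host name only against DNSName entries. The following check is an added example, not IBM's code. It parses the SAN notation shown above and assumes the client enforces this matching; the function names are hypothetical.

```python
import ipaddress
import re

# SAN text in the notation used on this page (values copied from the page).
SAN_TEXT = "SubjectAlternativeName[ IPAddress: 220.127.116.11 DNSName: lazes1.fyre.ibm.com]"

def parse_san(text):
    """Return (set of IP address objects, list of lowercase DNS names)."""
    ips = {ipaddress.ip_address(v)
           for v in re.findall(r"IPAddress:\s*([^\s\],]+)", text)}
    names = [v.lower().rstrip(".")
             for v in re.findall(r"DNSName:\s*([^\s\],]+)", text)]
    return ips, names

def dns_match(pattern, host):
    """Label-by-label comparison; '*' may only be the whole left-most label."""
    p, h = pattern.split("."), host.split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        # Reject over-broad patterns such as '*.com'.
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def host_matches_san(host, san_text):
    """True if `host` (as written in the LDAPS URL) is covered by the SAN."""
    ips, names = parse_san(san_text)
    try:
        # An IP literal is compared with IPAddress entries only,
        # never with DNSName entries that happen to look like an address.
        return ipaddress.ip_address(host) in ips
    except ValueError:
        host = host.lower().rstrip(".")
        return any(dns_match(n, host) for n in names)

if __name__ == "__main__":
    # Constructed candidate hosts for the adapter's LDAP server setting.
    for h in ("220.127.116.11", "LAZES1.fyre.ibm.com", "lazes1", "220.127.116.12"):
        verdict = "ok" if host_matches_san(h, SAN_TEXT) else "NOT covered by SAN"
        print(f"{h} -> {verdict}")
```

Run it with the host value you plan to configure for the adapter: a short name or a different address that is not listed in the SAN fails the check even though the certificate itself is in the truststore.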
About this task
To configure LDAP Adapter to use SSL/TLS with Sterling B2B Integrator:
- Stop Sterling B2B Integrator.
- Navigate to the installation directory.
- Navigate to the properties directory.
- Open the ldap_adapter.property.in file.
- In ldap_adapter.property.in, locate the #This is to connect LDAP Adapter over SSL entry.
- In the #This is to connect LDAP Adapter over SSL entry, make the following changes to the LDAP parameters:
Object specifying the security protocol that the provider should use.

Path to the local truststore. You must have the required LDAP certificates stored in the truststore. You cannot use certificates from trading partners.
    Full path to the local truststore.

LDAP_SECURITY_TRUSTSTORE_PASSWORD=
    Password that allows access to the truststore.
    Password allowing access to the local truststore.

LDAP_SECURITY_KEYSTORE=
    Path to the local keystore. You must have LDAP required certificates stored in the keystore. You cannot use certificates from trading partners.
    Inactive path
    Full path to the local keystore.

LDAP_SECURITY_KEYSTORE_PASSWORD=
    Password that allows access to the keystore.
    password
    Password allowing access to the local keystore.

TLS_VERSION=
    Supported TLS version
    TLS1-TLS1.2
    Supported TLS version of the server
- Save the ldap_adapter.property.in file.
- Enter /install_dir/install/bin/setupfiles.sh (UNIX) or \install_dir\install\bin\setupfiles.cmd (Windows) to update LDAP entries into the ldap_adapter.property file from the ldap_adapter.property.in file.
- Start Sterling B2B Integrator. The changes to the ldap_adapter.property file are now applied.
After startup, the system identifies LDAP servers from the ldap_adapter.property file. The system can now perform create, update, read, and delete operations on an LDAP setup using these settings through LDAP Adapter.