Enable communication with an SSL-enabled Lightweight Directory
Access Protocol (LDAP) server.
About this task
You can secure communications with an LDAP server by configuring
the Secured Sockets Layer (SSL) protocol. The SSL signer certificate
must be added to a truststore on Process Federation Server.
You can use a dedicated truststore for the LDAP server, instead of
reusing the Process Federation Server default
truststore.To manage the LDAP truststore, use your JVM’s keytool utility, or the IBM® HTTP Server IKEYMAN utility.
Procedure
- Create a new truststore or reuse the Process Federation Server default
truststore and import the signer certificate for the LDAP server.
- Enable communication with an SSL-enabled LDAP server:
- Open the server.xml configuration file for
editing.
By default, the configuration file is in the
pfs_install_root/usr/servers/server_name directory on
Process Federation Server.
- Configure the
keystore and ssl elements
to refer to the truststore: <ssl id="LDAPSSLSettings" keyStoreRef="defaultKeyStore" trustStoreRef="LDAPTrustStore" />
...
<keyStore id="LDAPTrustStore"
location="pfs_install_root/usr/servers/server_name/LdapSSLKeyStore.jks"
type="JKS"
password="password" />
- Enable SSL on the
ldapRegistry element,
and refer to the ssl configuration element:
<ldapRegistry ...
...
sslEnabled="true"
sslRef="LDAPSSLSettings">
...
<ldapRegistry/>
This topic only applies to BAW, and is located in the BAW repository. Last updated on 2025-03-13 12:15