Securing LDAP with SSL

Lightweight Directory Access Protocol (LDAP) is an Internet Engineering Task Force (IETF) standard for exchanging information between network directories and databases containing any level of information. For systems requiring additional security, LDAP providers, such as Microsoft's Active Directory, can operate over Secure Sockets Layer (SSL), provided that the Web or application server supports LDAP over SSL. This combination is commonly called LDAPS. Using SSL in conjunction with LDAP can ensure that login passwords, application information, and other sensitive data are not hijacked, compromised, or stolen.

The following example illustrates how to enable LDAPS using Microsoft's Active Directory as a security provider. For more specific information on any of the steps or to find details that address a particular release of the security provider, see the original vendor documentation.

  1. Verify that Active Directory and the Enterprise Certificate Authority are installed and functioning.
  2. Use the certificate authority to generate a certificate, and import the certificate into the certificate store of the IBM® SPSS® Deployment Manager installation. This allows the LDAPS connection to be established between the IBM SPSS Collaboration and Deployment Services Repository and an Active Directory server.

    To configure IBM SPSS Deployment Manager for secure Active Directory connections, verify that a connection exists to the repository.

  3. Launch the IBM SPSS Deployment Manager.
  4. From the Tools menu, choose Server Administration.
  5. Log in to a previously defined administered server.
  6. Double-click the Configuration icon for the server to expand the hierarchy.
  7. Double-click the Security Providers icon to expand the hierarchy.
  8. Double-click the Active Directory security provider.
  9. Enter configuration values for the instance of Active Directory with security certificates installed.
  10. Select the Use SSL check box.
  11. Note the name in the Domain User field. Subsequent logins using Active Directory are authenticated using SSL.
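
The following check can be run before selecting Use SSL. It is an added example, not part of the vendor documentation, and confirms that the Active Directory server answers on the LDAPS port with a certificate that validates against a trusted CA file. The host name `dc01.example.test`, the file name `enterprise-ca.pem`, and the use of the enterprise CA's exported certificate as the trust anchor are assumptions for illustration.

```python
import socket
import ssl

LDAPS_PORT = 636  # standard port for LDAP over SSL


def make_context(ca_file=None):
    """Client context that trusts only ca_file (system CAs when ca_file is None)."""
    ctx = ssl.create_default_context(cafile=ca_file)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # Already the defaults; set explicitly so a later edit cannot relax them.
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def probe_ldaps(host, ca_file=None, port=LDAPS_PORT, timeout=5.0):
    """Attempt a verified TLS handshake and report what the server presented."""
    result = {"host": host, "port": port, "ok": False}
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            ctx = make_context(ca_file)
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                cert = tls.getpeercert()
                result.update(
                    ok=True,
                    protocol=tls.version(),
                    subject=cert.get("subject"),
                    issuer=cert.get("issuer"),
                    not_after=cert.get("notAfter"),
                )
    except ssl.SSLCertVerificationError as exc:
        # Untrusted issuer, expired certificate, or host name mismatch.
        result["error"] = "certificate rejected: " + exc.verify_message
    except OSError as exc:
        # Port closed, DNS failure, timeout, unreadable CA file, other TLS errors.
        result["error"] = "connection failed: " + str(exc)
    return result


if __name__ == "__main__":
    # Placeholder host and CA file (assumed names); replace with real values.
    print(probe_ldaps("dc01.example.test", ca_file="enterprise-ca.pem"))
```

A result with `ok` set to `False` and a "certificate rejected" error points to a trust or host name problem with the certificate rather than a network problem, so the certificate import should be rechecked before SSL is enabled for the security provider.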

For additional information about installing, configuring, and implementing LDAPS on a particular application server, see the original vendor's documentation.