LdapSSLKeyFile
This stanza entry specifies the SSL key file name and location.
Syntax
LdapSSLKeyFile = ldap-ssl-key-filenameDescription
SSL key file name and location. Use the SSL key file to handle certificates that are used in LDAP communication. The file extension can be anything, but the extension is usually .kdb.
The certificate files
in a directory need to be accessible to the server user (or all users).
Make sure that the server user (for example, ivmgr)
or all users have permission to access the .kdb file
and the folder that contains the .kdb file.
Note: The
entries in this stanza are for internal use only. Do not modify the
values in this file. To properly configure these entries, use the pdconfig utility.
Options
- ldap-ssl-key-filename
- The file name and location that represents an alphanumeric string that is not case-sensitive. String values are expected to be characters that are part of the local code set. The set of valid characters in a file name can be determined by the file system and by the local code set. For Windows operating systems, file names cannot have a backward slash (\), a colon (:), a question mark (?), or double quotation marks ("). Windows operating systems path names, however, can have a backward slash (\) or a colon (:). For AIX, Linux, and Solaris operating systems, path names and file names are case-sensitive.
Usage
Conditional. This stanza entry is
required when LdapSSL = ssl.
Default value
The following table shows
the default value by platform.
| Platform | File name |
|---|---|
| Linux® or UNIX | /opt/PolicyDirector/keytab/ivmgrd.kdb |
| Windows | c:\program files\tivoli\policy director\keytab\ivmgrd.kdb |
Example
LdapSSL = ssl
LdapSSLKeyFile = /opt/PolicyDirector/keytab/ivmgrd.kdb