Pass-through authentication over SSL

To configure pass-through authentication over SSL, you must ensure that certain requirements are met.

Ensure that the following conditions are satisfied:
  • Both the external pass-through authentication server and the IBM® Security Directory Server must run in secure mode. The pass-through authentication configuration in IBM Security Directory Server does not require any extra keystore (kdb) file. It depends on the same keystore file that is used by the main server component. IBM Security Directory Server must be configured for SSL communication for pass-through authentication over SSL.
  • The external pass-through authentication server must communicate with LDAP clients by using the same keystore file and keystore password that are used by IBM Security Directory Server.
  • The ibm-slapdPtaURL parameter for pass-through authentication must be an ldaps:// URL in the following format:
    ibm-slapdPtaURL: ldaps://host_name:secure_port

During the pass-through authentication process, IBM Security Directory Server works as a client to the external pass-through authentication server. It requires compatible key pairs for this client/server communication to work successfully. For more information about how to create key pairs and keystore files for use with IBM Security Directory Server, see the Directory communications security section.
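A pre-flight check for the two requirements above, added here as an example and not IBM's own tooling: check_pta_url() verifies that a candidate ibm-slapdPtaURL value has the ldaps://host_name:secure_port shape the page requires, and tls_probe() optionally confirms that a TLS connection to that host and port can be validated. The probe assumes the external server's CA chain is also available as a PEM bundle (the kdb keystore the server uses is not readable from Python); the host names used are constructed.

```python
import socket
import ssl
from urllib.parse import urlsplit


def check_pta_url(value: str) -> list[str]:
    """Return the reasons a value is not an acceptable ldaps://host_name:secure_port
    URL for ibm-slapdPtaURL; an empty list means the value passes."""
    problems = []
    url = urlsplit(value.strip())
    if url.scheme.lower() != "ldaps":
        # A plain ldap:// URL would send the forwarded bind credentials in clear.
        problems.append(f"scheme is '{url.scheme or '(none)'}', must be ldaps")
    if not url.hostname:
        problems.append("host_name is missing")
    try:
        port = url.port            # None when absent, ValueError when not numeric
    except ValueError:
        problems.append("secure_port is not a valid TCP port")
        port = None
    if port is None:
        problems.append("secure_port is missing (format is ldaps://host_name:secure_port)")
    if url.path not in ("", "/") or url.query or url.fragment:
        problems.append("URL must contain only host and port (no DN, attributes or filter)")
    return problems


def tls_probe(value: str, ca_pem: str, timeout: float = 5.0) -> str:
    """Open a verified TLS connection to the URL's host:port and return the
    subject commonName of the certificate the external server presented.
    ca_pem is the PEM CA bundle trusted for that server (assumed input)."""
    url = urlsplit(value.strip())
    ctx = ssl.create_default_context(cafile=ca_pem)
    with socket.create_connection((url.hostname, url.port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=url.hostname) as tls:
            cert = tls.getpeercert()
    return dict(pair[0] for pair in cert["subject"]).get("commonName", "")


if __name__ == "__main__":
    # Constructed sample values, not taken from any real deployment.
    for candidate in ("ldaps://pta.example.com:636",
                      "ldap://pta.example.com:389",
                      "ldaps://pta.example.com",
                      "ldaps://pta.example.com:636/dc=example,dc=com"):
        print(candidate, "->", check_pta_url(candidate) or "ok")
```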