Pass-through authentication over SSL
To configure pass-through authentication over SSL, you must ensure that certain requirements are met.
Ensure that the following conditions are satisfied:
- Both the external pass-through authentication server and the IBM® Security Directory Server must run in secure mode. The pass-through authentication configuration in IBM Security Directory Server does not require any extra keystore (kdb) file. It depends on the same keystore file that is used by the main server component. IBM Security Directory Server must be configured for SSL communication for pass-through authentication over SSL.
- The external pass-through authentication server must communicate with LDAP clients with the same keystore file and keystore password that are used by IBM Security Directory Server.
- The ibm-slapdPtaURL parameter for pass-through authentication must be an ldaps:// URL in the following format:
  ibm-slapdPtaURL: ldaps://host_name:secure_port
During the pass-through authentication process, IBM Security Directory Server works as a client to the external pass-through authentication server. It requires compatible key pairs for this client/server communication to work successfully. For more information about how to create key pairs and keystore files for use with IBM Security Directory Server, see the Directory communications security section.
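The following check for the ibm-slapdPtaURL requirement above is an added example, not IBM code: it scans LDIF-style configuration text and reports every ibm-slapdPtaURL value that is not an ldaps:// URL with both a host name and an explicit secure port. The function names, entry DNs, and host names are assumptions constructed for the illustration.

```python
from urllib.parse import urlsplit

ATTR = "ibm-slapdptaurl"  # attribute name from the page, matched case-insensitively
SAMPLE = """\
# Constructed sample entries; DNs and hosts are placeholders
dn: cn=pta-a,cn=Configuration
ibm-slapdPtaURL: ldaps://pta-a.example.com:636

dn: cn=pta-b,cn=Configuration
ibm-slapdPtaURL: ldap://pta-b.example.com:389

dn: cn=pta-c,cn=Configuration
ibm-slapdPtaURL: ldaps://pta-c.exam
 ple.com
"""

def unfold(text):
    """Undo LDIF line folding: a newline followed by one space continues the line."""
    return text.replace("\r\n", "\n").replace("\n ", "").splitlines()

def check_pta_url(value):
    """Return the problems found in one ibm-slapdPtaURL value (empty list = OK)."""
    problems, parts = [], urlsplit(value.strip())
    if parts.scheme.lower() != "ldaps":
        problems.append("scheme is %r, expected 'ldaps'" % parts.scheme)
    if not parts.hostname:
        problems.append("missing host_name")
    try:
        if parts.port is None:
            problems.append("missing secure_port")
    except ValueError:  # raised by urlsplit for a non-numeric or out-of-range port
        problems.append("secure_port is not a valid port number")
    return problems

def audit(ldif_text):
    """Return [(dn, value, problems)] for every ibm-slapdPtaURL that fails the check."""
    findings, dn = [], None
    for line in unfold(ldif_text):
        name, _, value = line.partition(":")
        name, value = name.strip().lower(), value.strip()
        if name == "dn":
            dn = value
        elif name == ATTR and check_pta_url(value):
            findings.append((dn, value, check_pta_url(value)))
    return findings

if __name__ == "__main__":
    for dn, value, problems in audit(SAMPLE):
        print(dn, value, "; ".join(problems))
```

The check covers only the URL format; it does not verify that the external server's certificate is trusted by the keystore file that IBM Security Directory Server uses.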