IBM Support

How to enable the IBM Security Directory Suite website to access a secured LDAP server

How To


Summary

After following Enabling SSL and Transport Layer Security on the Directory Server to secure my LDAP server, is there anything more I need to do so that the IBM Security Directory Suite website can access the now secured LDAP server?

Steps

  1. Log into the IBM Web Administration for i website (http://SYSTEM-NAME-OR-IP:2001/HTTPAdmin or https://SYSTEM-NAME-OR-IP:2010/HTTPAdmin), then select the Manage tab, then the Application Servers tab, and select the Admin1 application server in the Server pulldown. When the page loads the Admin1 server, click on Create Keystore in the left navigator.

  2. Fill in the Keystore path, Keystore password and Confirm password form fields, then click the Create button.

  3. On the Manage Certificates page, click the Import button.

  4. On the Import certificate page, click the radio button Use Digital Certificate Manager (DCM) SYSTEM store, type in the password for the *SYSTEM certificate store and click on the Next button.

  5. Now check the checkbox for all the Trust certificates and click on the Next button.

  6. Click on the Finish button on the Import certificate Summary page.

  7. Now access the Directory Server Console (http://<system>:2004/IDSWebApp/IDSjsp/Login.jsp?showConsoleAdminLogin=true), logging in with user superadmin.

  8. Click on Manage Console Servers.

  9. Check the radio button next to the server and click on the Edit button.
    If there is no server, click the Add button.

  10. Type 636 in the Port form field, check the Enable SSL encryption checkbox and click on the OK button.

  11. In the left navigator, click on Console administration to expand it, then click on Manage console properties.

  12. Click on the SSL key database tab, type in the full path to the LDAP certificate store, then type in the store's password in the Key password and Confirm password form fields, check the Same as key database checkbox and click the OK button.

  13. Click on Manage console properties again, click on Manage security protocol, check the TLS 1.2 radio button and click the OK button.

  14. Log out of the Directory Server Console.

  15. Log into a 5250 emulator and then edit the LDAP server's ibmslapd.conf file. For this example, the LDAP server is QUSRDIR:

    EDTF STMF('/QIBM/UserData/OS400/DirSrv/idsslapd-QUSRDIR/etc/ibmslapd.conf')

    Find ibm-slapdSecurity.

  16. Make sure the value is SSLOnly. If it is not, change it, then press F3 twice to save and exit.

  17. Now end and restart the LDAP server and the HTTP Admin server, which includes the IBM Security Directory Suite website:

    ENDTCPSVR SERVER(*DIRSRV)
    ENDTCPSVR SERVER(*HTTP) HTTPSVR(*ADMIN)

    Wait 3-5 minutes, then:

    STRTCPSVR SERVER(*DIRSRV)
    STRTCPSVR SERVER(*HTTP) HTTPSVR(*ADMIN)

  18. Bring up the IBM Security Directory Server website again. You may need to wait a couple of minutes for the ADMIN2 application server to be ready to accept browser requests.
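The following helper is an added example, not part of this IBM document: it checks the two settings the steps above depend on, the ibm-slapdSecurity value in ibmslapd.conf (step 16) and a client TLS context that requires TLS 1.2 and a trusted server certificate on port 636 (steps 10, 12 and 13). The function names are assumed, and ca_bundle_path is assumed to be a PEM export of the trust certificates rather than the IBM i keystore itself.

```python
import socket
import ssl

LDAPS_PORT = 636  # port entered in the console server definition (step 10)


def slapd_security_setting(conf_text):
    """Return the ibm-slapdSecurity value from ibmslapd.conf text, or None.

    The file uses LDIF-style 'attribute: value' lines; '#' lines are comments.
    """
    for line in conf_text.splitlines():
        stripped = line.strip()
        if stripped.startswith("#"):
            continue
        if stripped.lower().startswith("ibm-slapdsecurity:"):
            return stripped.split(":", 1)[1].strip()
    return None


def is_ssl_only(conf_text):
    """True only when the server refuses non-SSL binds, as step 16 requires."""
    return slapd_security_setting(conf_text) == "SSLOnly"


def make_client_context(ca_bundle_path=None):
    """Client context mirroring the console settings: TLS 1.2 minimum,
    certificate required and checked against the trust store (PEM file).
    """
    ctx = ssl.create_default_context(cafile=ca_bundle_path)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def probe_ldaps(host, ca_bundle_path, port=LDAPS_PORT, timeout=5.0):
    """Open a TLS session to host:636 and return (negotiated version, peer subject).

    Raises ssl.SSLError if the server certificate is not trusted or the
    server only offers a protocol older than TLS 1.2.
    """
    ctx = make_client_context(ca_bundle_path)
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.version(), tls.getpeercert().get("subject")
```

Run probe_ldaps against the directory server after step 17; a successful return confirms the trust store and protocol settings before the web console is retested.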

Document Location

Worldwide


Document Information

Modified date:
10 April 2025

UID

ibm17230146