|
|
|
To secure the LDAP connections using SSL (sometimes referred to as LDAPS), administrators can configure arbitrary environment properties in /WEB-INF/conf/ekp.properties when using JNDI-based LDAP password authentication. To configure a default for all directory services, prefix the property name with ldap.jndi. To configure for a specific directory service (for example ldap.jndi1. for directory service 1), prefix the property name with ldap.jndi{index}.
You can secure the LDAP connections using SSL by:
You can explicitly specify that SSL be used as the security protocol. The relevant JNDI property name is java.naming.security.protocol. Therefore, to specify this as the default for all directory services, set the following property in ekp.properties:
ldap.jndi.java.naming.security.protocol=ssl
To specify that SSL be used for directory service 1, set the following property in ekp.properties:
ldap.jndi1.java.naming.security.protocol=ssl
You can specify a provider URL using the LDAPS scheme. The relevant JNDI property name for the provider URL is java.naming.provider.url. Therefore, to configure an LDAPS URL for directory service 1, for localhost on port 636, for example, you would use the following property. Use the backslash to escape the colon characters as per the conventions for .properties files. The raw value is ldaps://localhost:636.
ldap.jndi1.java.naming.provider.url=ldaps\://localhost\:636
If you explicitly specify the provider URL, there is no need to separately specify the host and port for the directory service.
The ldap.useJndi property is an alias for the ldap.useActiveDirectory property. PeopleFluent recommends enabling this regardless of whether the directory service uses Active Directory.
Additional Information
