Versions Compared

Old Version 30

changes.mady.by.user Unknown User (mkos)

Saved on

compared with

New Version 31

changes.mady.by.user Unknown User (mkos)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Some information on this page refers to License Statistics v5.1 or newer, which added the capability to connect to an LDAP server over SSL protocol. If you are using an earlier version of License Statistics, see v4.18 to v5.1 documentation or refer to documentation for versions prior to v4.18.

License Statistics lets you connect to an LDAP server to access user accounts (see Automating user account creation using LDAP) and user groups you have defined in an LDAP directory (see Importing LDAP user groups).

...

By default, LDAP traffic is transmitted unsecured. You can, however, make LDAP traffic confidential by installing a valid certificate issued by a certificate authority (CA). The CA certificate, which contains a public key and the identity of the owner, is needed to enable encrypted communication between License Statistics and your LDAP server.

To connect over SSL: 1. Specify where a public key of the CA certificate is located by setting

If you want to verify that the LDAP server's certificate is properly signed:

  1. Set the variable LDAP_SSL_CERTIFICATE_KEY_FILE in the License Statistics configuration file (xflicstat.cfg). This variable defines the path and filename of the CA certificate and allows the client to verify the LDAP server's certificate.
  2. Leave the default settings of the variable LDAP_SSL_CERTIFICATE_VERIFY. By default, this variable is set to the "demand" value, indicating that the server certificate will be checked to verify that it is properly signed and your CA certificate, which you set in LDAP_SSL_CERTIFICATE_KEY_FILE variable, will be used to verify that.
  3.   Restart License Statistics.

If you want to verify that the LDAP server's certificate is properly signed:

  1. Set the variable LDAP_SSL_CERTIFICATE_VERIFY to "allow". This way, the connection will be allowed even if it turns out that the certificate is missing or it is not valid. In this case, setting the variable LDAP_SSL_CERTIFICATE_KEY_FILE is not obligatory.
  2. Restart License Statistics.

Note: We recommend using the predefined settings and leaving the variable LDAP_SSL_CERTIFICATE_VERIFY set to "demand" so you can perform the validation of the LDAP server's certificate using your CA file.  2. Restart License Statistics.

LDAP settings

A tool such as JXplorer is an excellent way to test your LDAP settings. Using such a tool can save a lot of time when configuring License Statistics, because you can test that credentials and other settings are correct.

...