...
| The information on this page refers to License Statistics v6.6 or 24 and newer, which introduced the License Statistics Manager, a tool that replaces direct editing of the xflicstat.cfg configuration file for Windows installations. changed "LDAP" labels to the generic label "User Directory." If you are using an earlier version of License Statisticsa version previous to v6.24, please refer to the to documentation for previous releases prior to v6.6. |
For Windows, the LDAP User Directory SSL connection is configured using the License Statistics Manager. For Linux, the LDAP User Directory SSL connection is configured in the xflicstat.cfg file.
...
User Directory configuration settings (Windows)
For Windows, use the LDAP User Directory section of the License Statistics Manager Configuration Settings to review and modify your LDAP User Directory configuration.
...
User Directory configuration settings (Linux)
The LDAP User Directory settings in the configuration file (xflicstat.cfg) include the following.
| Setting | Default | Description |
|---|---|---|
| LDAP_SSL_CERTIFICATE_KEY_FILE | empty | Path to file with certificate. |
| LDAP_SSL_CERTIFICATE_VERIFY | demand | Defines if LDAP Specifies whether the User Directory server certificate should be verified. To turn verification on, set this to 'demand'; to turn verification off, set this to 'allow'. |
| LDAP_SSL_KEYSTORE | empty | Path to keystore containing server certificate. |
| LDAP_SSL_KEYSTORE_PASSWORD | changeit | Password to keystore. |
Configuration notes
If you only need to encrypt only the data sent between License Statistics and the LDAP User Directory server, set the certificate verification to "allow." This way, communication will be encrypted, but the LDAP User Directory server certificate won't be verified.
If you want to increase security, set the certificate verification to "demand." In most cases, this should be sufficient, because License Statistics has root certificates from most Certified Authorities (CAs) and is able to verify server certificates with them. However, if the server certificate was not issued by one of our supported CAs (e.g., because it was generated from your company's internal root certificate), you will need to provide an LDAP a User Directory server certificate to License Statistics. There are two ways to do this, as described below.
...
Method 2: Use the keystore with a loaded certificate.
If you already have a JKS a JKS or PKCS12 keystore that contains an LDAP a User Directory server certificate, you can provide the path using this method.
...