LDAP SSL connection is configured through the xflicstat.cfg file.

...

LDAP_SSL_CERTIFICATE_KEY_FILE - path to the certificate file. Empty by default.
LDAP_SSL_CERTIFICATE_VERIFY - defines whether the LDAP server certificate should be verified. Set it to 'demand' to turn verification on, or to 'allow' to turn it off. Default 'demand'.
LDAP_SSL_KEYSTORE - path to the keystore containing the server certificate. Empty by default.
LDAP_SSL_KEYSTORE_PASSWORD - password to the keystore. Default 'changeit'.
LDAP_SSL_KEYSTORE_TYPE - type of the keystore (JKS and PKCS12 are allowed). Default 'jks'.

Every key should be either commented out or non-empty. A commented-out setting takes its default value.

Configuration:

If you only need to encrypt data sent between License Statistics and the LDAP server, the only thing you need to do is set LDAP_SSL_CERTIFICATE_VERIFY to 'allow'. This way communication will be encrypted, but the LDAP server certificate won't be verified, so the server's identity is not authenticated.

...

But if the server certificate was not issued by one of our supported CAs (for example, because it was generated from your company's internal root certificate), you will need to provide the LDAP server certificate to License Statistics. There are two ways to do that.
1. Through a certificate file. This is the easiest and recommended way. Copy the server's root or intermediate certificate file to the License Statistics host and provide the path to this file under LDAP_SSL_CERTIFICATE_KEY_FILE in xflicstat.cfg.

Example:
LDAP_SSL_CERTIFICATE_KEY_FILE = C:\MyDirectory\certificate.cer
LDAP_SSL_CERTIFICATE_VERIFY = demand
# LDAP_SSL_KEYSTORE =
# LDAP_SSL_KEYSTORE_PASSWORD =
# LDAP_SSL_KEYSTORE_TYPE =

2. Through a keystore with the certificate loaded. If you already have a keystore of type JKS or PKCS12 that contains the LDAP server certificate, provide the path to it in LDAP_SSL_KEYSTORE, its password in LDAP_SSL_KEYSTORE_PASSWORD and its type in LDAP_SSL_KEYSTORE_TYPE.

Example:
# LDAP_SSL_CERTIFICATE_KEY_FILE = 
LDAP_SSL_CERTIFICATE_VERIFY = demand
LDAP_SSL_KEYSTORE = C:\MyDirectory\keystore.p12
LDAP_SSL_KEYSTORE_PASSWORD = Password123
LDAP_SSL_KEYSTORE_TYPE = PKCS12
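
An added check, not part of License Statistics or its documentation: a small linter that applies the rules above to the LDAP_SSL_* keys of xflicstat.cfg before the file is deployed. It assumes the `KEY = value` and `#` comment syntax seen in the examples and compares values case-insensitively; the function name and the sample file are constructed for illustration.

```python
# Added example: lint the LDAP_SSL_* keys of xflicstat.cfg against the rules on this page.
# Assumptions: "KEY = value" lines, "#" marks a commented-out key, values are case-insensitive.
DEFAULTS = {  # defaults as documented on this page
    "LDAP_SSL_CERTIFICATE_KEY_FILE": "",
    "LDAP_SSL_CERTIFICATE_VERIFY": "demand",
    "LDAP_SSL_KEYSTORE": "",
    "LDAP_SSL_KEYSTORE_PASSWORD": "changeit",
    "LDAP_SSL_KEYSTORE_TYPE": "jks",
}

SAMPLE = r"""LDAP_SSL_CERTIFICATE_KEY_FILE =
LDAP_SSL_CERTIFICATE_VERIFY = allow
LDAP_SSL_KEYSTORE = C:\MyDirectory\keystore.p12
# LDAP_SSL_KEYSTORE_PASSWORD =
LDAP_SSL_KEYSTORE_TYPE = BKS
"""  # constructed sample with three problems

def lint_ldap_ssl(text):
    """Return (effective_settings, findings) for the LDAP_SSL_* keys in text."""
    settings, findings = dict(DEFAULTS), []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue  # a commented-out key keeps its default value
        key, value = (part.strip() for part in line.split("=", 1))
        if key not in DEFAULTS:
            continue  # other xflicstat.cfg settings are out of scope here
        if not value:
            findings.append(f"line {n}: {key} is empty; comment it out or set a value")
            continue
        settings[key] = value
    verify = settings["LDAP_SSL_CERTIFICATE_VERIFY"].lower()
    if verify not in ("demand", "allow"):
        findings.append(f"LDAP_SSL_CERTIFICATE_VERIFY must be 'demand' or 'allow', got {verify!r}")
    elif verify == "allow":
        findings.append("LDAP_SSL_CERTIFICATE_VERIFY is 'allow': encrypted, "
                        "but the LDAP server certificate is not verified")
    ks_type = settings["LDAP_SSL_KEYSTORE_TYPE"].upper()
    if settings["LDAP_SSL_KEYSTORE"] and ks_type not in ("JKS", "PKCS12"):
        findings.append(f"LDAP_SSL_KEYSTORE_TYPE must be JKS or PKCS12, got {ks_type!r}")
    return settings, findings

if __name__ == "__main__":
    for finding in lint_ldap_ssl(SAMPLE)[1]:
        print(finding)
```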

...