Prev
Next
Forums Infor / Lawson Platforms S3 Security

SSOPV2_LDAP_BIND - change to secure port?

 1 Replies
 0 Subscribed to this topic
 15 Subscribed to this forum
Sort:
Author
Messages
Sam Adams
New Member
Posts: 1
New Member
12/16/2013 10:57 PM
    Lawson 10 environment here, not yet in production.  We have ldap bind set up to AD, which was was done by consultants.

    I'm curious how one changes it to be a secure connection?  I could be wrong, but based on my experience to date, I can't imagine that the system will know that changing the port to 3269 means to switch to secure ldap automatically.  I'm not planning on doing this along, but I heard through the grapevine that the consultant said it's not recommended to go that route?!  

    Needless to say, we want this remedied promptly, so that our passwords aren't being sent over the wire cleartext.

    I appreciate any explanations, experience, pointers, caveats, etc.

    Best regards,
    SamA
    Alex Tsekhansky
    Veteran Member
    Posts: 92
    Veteran Member
    12/22/2013 10:01 PM
      Hi, Sam.

      When you BIND LSF to an LDAP server, you must specify a protocol. There are two protocols you can use - LDAP (which transmits data without encryption) and LDAPS (which encrypts data). Hence, your BIND URLs will be different for SSL-based vs non-encrypted BIND URL. For "regular" URL it will be ldap://server:post, while for the SSL-based-one it would be ldaps://server:sslport. Note that LDAP servers use one port for non-SSL LDAP traffic and a different port for SSL traffic.
      If you bind to AD, and you plan to use Global Catalog LDAP server, you can use port 3268 for non-SSL traffic, or port 3269 for SSL-encrypted traffic.

      Note that if you use LDAPS, since WAS makes direct connections to that LDAP (along with SSL), you will need to import AD certificate from that port to both WAS trust store for the node, as well as OS Java certificate repository used by LSF.