Protecting the LDAP Login Module BindPassword Property

Encrypt an LDAP Server bind password that must be kept secure while stored in the Sybase Control Center csi.properties file.

Prerequisites
Task

This procedure assumes that Sybase Unwired Platform and Sybase Control Center are installed at the default location, typically C:\Sybase\UnwiredPlatform for Sybase Unwired Platform, and C:\Sybase\SCC-3_0 for Sybase Control Center.

  1. Use Microsoft Windows Services to stop Sybase Unified Agent 3.0.
  2. Modify the registry:
    1. Run regedt32.exe to open the registry editor.
      Note: This step should be performed by a knowledgeable system administrator.
    2. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\SYBASE\Unified Agent 3.0.
    3. Create a String value named jvmopt6, and set its value to:
      -Dcom.sybase.security.BootstrapConfigurationURL=file:///C:/Sybase/UnwiredPlatform/Servers/UnwiredServer/Repository/CSI/csibootstrap.properties
      Note: If jvmopt6 already exists, use jvmopt7, or a similar name.
  3. Copy C:\Sybase\UnwiredPlatform\Servers\UnwiredServer\Repository\CSI\csikeystore.jceks to C:\Sybase\SCC-3_0.
  4. Encrypt the password by running:
    java -jar C:\Sybase\UnwiredPlatform\Servers\UnwiredServer\lib\ext\csi-tool.jar csi.encmessage @C:\Sybase\UnwiredPlatform\Servers\UnwiredServer\Repository\CSI\csibootstrap.properties --text secret
    Note: This example encrypts the password "secret", which is the default value of the bind password for the OpenDS LDAP Server installed by Unwired Server (Developer Edition installation only).
  5. Open C:\Sybase\SCC-3_0\conf\csi.properties, and update it with the encrypted password string generated in the previous step, as follows:
    CSI.loginModule.8.options.AuthenticationSearchBase=ou=users,dc=example,dc=com
    CSI.loginModule.8.options.BindDN=cn=Directory Manager
    CSI.loginModule.8.options.BindPassword.e=1-AAAAEgQQVbvdEKVgXU6uEeFauCtmwqP3745Y6j5Q1fbwupIxXUe0HUBsnyFcHpXMlfmCG3jGm1fhUcm4E5PdwUqtJaSlvQ==
    CSI.loginModule.8.options.DefaultSearchBase=dc=example,dc=com
    CSI.loginModule.8.options.ProviderURL=ldap://helxp-vm1:10389
    CSI.loginModule.8.options.RoleSearchBase=ou=groups,dc=example,dc=com
    CSI.loginModule.8.options.ServerType=openldap
    CSI.loginModule.8.options.moduleName=SUP LDAP Login Module
    CSI.loginModule.8.provider=com.sybase.ua.services.security.ldap.LDAPWithRoleLoginModule
    CSI.loginModule.8.controlFlag=sufficient
  6. Use Microsoft Windows Services to restart Sybase Unified Agent 3.0.
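
A check for the result of step 5, added here as an example and not part of the Sybase documentation or tooling: it reads csi.properties content and reports, per login module, whether the bind password is stored under BindPassword.e or is still in clear text under BindPassword. It assumes that a BindPassword key without the .e suffix holds clear text and that encrypted values have the "<digits>-<base64>" shape of the sample in step 5; the input below and its module 9 entry are constructed.

```python
import base64
import re

# Constructed sample: module 8 mirrors the page's step 5 (constructed blob);
# module 9 is a hypothetical entry still holding a clear-text bind password.
SAMPLE = """\
CSI.loginModule.8.options.BindDN=cn=Directory Manager
CSI.loginModule.8.options.BindPassword.e=1-Q09OU1RSVUNURUQtU0FNUExFLUJMT0I=
CSI.loginModule.9.options.BindDN=cn=Directory Manager
CSI.loginModule.9.options.BindPassword=secret
"""

KEY = re.compile(r"^CSI\.loginModule\.(\d+)\.options\.BindPassword(\.e)?$")

def parse_properties(text):
    """Minimal .properties reader: key=value lines, # or ! comments skipped."""
    props = {}
    for line in map(str.strip, text.splitlines()):
        key, sep, value = line.partition("=")
        if sep and line[0] not in "#!":
            props[key.strip()] = value.strip()
    return props

def looks_encrypted(value):
    """Assumed shape, taken from the page's sample: '<digits>-<base64>'."""
    version, sep, blob = value.partition("-")
    try:
        return bool(sep and version.isdigit() and blob
                    and base64.b64decode(blob, validate=True))
    except ValueError:  # binascii.Error is a ValueError subclass
        return False

def audit_bind_passwords(text):
    """Return {module_index: 'encrypted' | 'malformed' | 'cleartext'}."""
    findings = {}
    for key, value in parse_properties(text).items():
        m = KEY.match(key)
        if not m:
            continue
        idx, encrypted = int(m.group(1)), bool(m.group(2))
        if not encrypted:
            findings[idx] = "cleartext"  # a clear-text copy always wins
        elif findings.get(idx) != "cleartext":
            findings[idx] = "encrypted" if looks_encrypted(value) else "malformed"
    return findings

if __name__ == "__main__":
    for idx, status in sorted(audit_bind_passwords(SAMPLE).items()):
        print(f"loginModule {idx}: {status}")
```

A module reported as "cleartext" still has a readable bind password in the file, even if an encrypted BindPassword.e entry sits beside it.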