Secure LDAP uses TLS certificate authentication to provide protection against
spoofing.
The TLS certificate gives the client connecting to the LDAP server proof
that the server is who it says it is.
Enabling Secure LDAP on an LDAP server configuration object can take one of two forms:
- ldaps:// – on the LDAP server configuration object, use ldaps:// when defining the
SEARCH DN URL or AUTHENTICATION URL attributes and set the TLS attribute to
OFF.
- TLS parameter – on the LDAP server configuration object, use ldap:// when defining the
SEARCH DN URL attribute and set the TLS attribute to ON.
Note: Current versions of Active Directory (AD), Tivoli, SunONE Oracle DS, and
OpenLDAP support both options. Older versions may only support one option. For
compatibility with all versions, both options are supported by
SAP Sybase IQ.
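
The two forms side by side, as an added example that is not taken from the product documentation. It assumes the `CREATE LDAP SERVER` statement of SAP Sybase IQ 16; the server object names, host name, ports, DNs, search filter and password are placeholders.

```sql
-- Added example. Every name, host, DN and password below is a placeholder.

-- Form 1: ldaps://
-- Both URLs use the ldaps:// scheme and the TLS attribute is OFF.
-- The TLS handshake happens as soon as the connection is opened
-- (636 is the conventional LDAPS port).
CREATE LDAP SERVER ldap_secure_example
SEARCH DN
    URL 'ldaps://ldap.example.com:636/dc=example,dc=com??sub?cn=*'
    ACCESS ACCOUNT 'cn=iq_lookup,cn=Users,dc=example,dc=com'
    IDENTIFIED BY '<placeholder-password>'
AUTHENTICATION URL 'ldaps://ldap.example.com:636/'
TLS OFF
WITH ACTIVATE;

-- Form 2: TLS parameter
-- The URLs use the plain ldap:// scheme and the TLS attribute is ON.
-- The connection opens on the standard LDAP port (389) and is then
-- upgraded to TLS before the search or bind is sent.
CREATE LDAP SERVER ldap_tls_example
SEARCH DN
    URL 'ldap://ldap.example.com:389/dc=example,dc=com??sub?cn=*'
    ACCESS ACCOUNT 'cn=iq_lookup,cn=Users,dc=example,dc=com'
    IDENTIFIED BY '<placeholder-password>'
AUTHENTICATION URL 'ldap://ldap.example.com:389/'
TLS ON
WITH ACTIVATE;

-- Review point: a configuration object that pairs ldap:// with TLS OFF
-- matches neither form above, so the search DN password and user
-- credentials are not protected by TLS.
```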