Secure LDAP uses TLS certificate authentication to provide protection against
spoofing.
The TLS certificate gives the client proof that the LDAP server it is connecting
to is who it says it is.
Enabling Secure LDAP on an LDAP server configuration object can take one of two forms:
- ldaps:// – on the LDAP server configuration object, use ldaps:// when
defining the SEARCH DN URL or AUTHENTICATION URL attributes and set the TLS
attribute to OFF.
- TLS parameter – on the LDAP server configuration object, use ldap:// when defining the
SEARCH DN URL attribute and set the TLS attribute to ON.
Note: Current versions of Active Directory (AD), Tivoli, SunONE Oracle DS, and
OpenLDAP support both options. Older versions may only support one option. For
compatibility with all versions, both options are supported by
SAP Sybase IQ.
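The two forms above written as CREATE LDAP SERVER statements. This is an added example, not part of the original documentation. The server names, host name, DNs, ports and password are constructed placeholders, and using the same scheme for AUTHENTICATION URL in the second form is an assumption.

```sql
-- Added example: all names, hosts, DNs and the password are placeholders.

-- Form 1: ldaps:// in the URLs, TLS attribute OFF.
-- The URL scheme alone selects Secure LDAP (port 636 by convention).
CREATE LDAP SERVER ldaps_example
SEARCH DN
    URL 'ldaps://ldap.example.com:636/dc=example,dc=com??sub?cn=*'
    ACCESS ACCOUNT 'cn=iq_lookup,cn=Users,dc=example,dc=com'
    IDENTIFIED BY '<placeholder-password>'
AUTHENTICATION URL 'ldaps://ldap.example.com:636/'
TLS OFF
WITH ACTIVATE;

-- Form 2: ldap:// in the URLs, TLS attribute ON.
-- The URL looks like plain LDAP (port 389 by convention); the TLS
-- attribute is what requests the protected connection.
-- Assumption: AUTHENTICATION URL follows the same scheme as SEARCH DN URL.
CREATE LDAP SERVER tls_attr_example
SEARCH DN
    URL 'ldap://ldap.example.com:389/dc=example,dc=com??sub?cn=*'
    ACCESS ACCOUNT 'cn=iq_lookup,cn=Users,dc=example,dc=com'
    IDENTIFIED BY '<placeholder-password>'
AUTHENTICATION URL 'ldap://ldap.example.com:389/'
TLS ON
WITH ACTIVATE;

-- Configuration to avoid: ldap:// URLs with TLS OFF matches neither form,
-- so the connection carries no server certificate check and the bind
-- credentials are exposed to spoofing and interception.
```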