Configuring Primary LDAP Server to Use SSL/TLS

Configure the primary LDAP server URL to use Secure Sockets Layer (SSL) or Transport Layer Security (TLS) for user authentication.

Replication Server supports two ways to secure the connection:
  • Use SSL with an ldaps:// URL.
  • Use TLS with an ldap:// URL and the sysadmin ldap, starttls_on_primary|starttls_on_secondary, 'true' command.
  1. Configure the Replication Server to use LDAP only for user authentication:
    configure replication server set user_authentication_source to 'ldap'
    go
  2. Add a user to Replication Server and set the primary LDAP server URL with the certificate authority (CA) root file path:
    sysadmin ldap, set_primary_url,
    'ldap://andre:888/dc=sybase,dc=com??sub?cn=*'
    go
    sysadmin ldap, set_access_acct, 'cn=Manager', 'secret'
    go
    sysadmin ldap, set_cacert_file, 
    'user/SYBASE/config/trusted.txt'
    go
  3. Enable TLS on the primary LDAP server and log in to Replication Server with a new user name and password:
    sysadmin ldap, starttls_on_primary, 'true'
    go
    isql -SmyRs -UnewUserName -PnewUserPwd
  4. Configure the primary LDAP server to use the SSL port.
    Before using this command, set the starttls_on_primary parameter to false.
    sysadmin ldap, starttls_on_primary, 'false'
    go
    sysadmin ldap, set_primary_url,
    'ldaps://andre:8889/dc=sybase,dc=com??sub?cn=*'
    go
  5. Log in to Replication Server using the new user name and password:
    isql -SmyRS -UnewUserName -PnewUserPwd2
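
The following check is an added example, not part of the Replication Server documentation or product. It classifies the settings from the steps above as SSL, StartTLS, or unprotected, and flags the combination step 4 warns about (an ldaps:// URL while starttls_on_primary is still 'true'). The function name check_ldap_transport is hypothetical, and treating a missing CA file as a problem is an assumption.

```python
from urllib.parse import urlsplit

def check_ldap_transport(url, starttls, cacert_file):
    """Return (mode, problems) for one LDAP server's settings.

    url: value passed to set_primary_url
    starttls: value passed to starttls_on_primary ('true' or 'false')
    cacert_file: value passed to set_cacert_file, or None if never set
    """
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    tls_on = str(starttls).strip().lower() == "true"
    if scheme not in ("ldap", "ldaps"):
        return "invalid", [f"unsupported URL scheme {parts.scheme!r}"]

    problems = []
    if not parts.hostname:
        problems.append("URL has no host")
    try:
        parts.port  # raises ValueError for a non-numeric or out-of-range port
    except ValueError:
        problems.append("URL has an invalid port")

    if scheme == "ldaps":
        mode = "ssl"
        if tls_on:  # step 4: reset the flag before switching to ldaps://
            problems.append("starttls_on_primary must be 'false' with ldaps://")
    elif tls_on:
        mode = "starttls"
    else:
        mode = "plaintext"
        problems.append("ldap:// without StartTLS: connection is not encrypted")

    # Assumption: a protected connection without a CA file is reported as a problem.
    if mode != "plaintext" and not cacert_file:
        problems.append("no CA certificate file set with set_cacert_file")
    return mode, problems

# Settings taken from the steps above, plus one constructed mistake.
CA = "user/SYBASE/config/trusted.txt"
STATES = [
    ("ldap://andre:888/dc=sybase,dc=com??sub?cn=*", "true", CA),     # step 3
    ("ldaps://andre:8889/dc=sybase,dc=com??sub?cn=*", "false", CA),  # step 4
    ("ldaps://andre:8889/dc=sybase,dc=com??sub?cn=*", "true", None), # constructed
]

if __name__ == "__main__":
    for state in STATES:
        print(check_ldap_transport(*state))
```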