Former Member

Enabling LDAP over SSL communication btw MDM and LDAP

Hi Gurus,

Please can anyone help configure "mds.ini" to enable LDAP over SSL communication btw MDM and LDAP.

Currently we have the following settings in our mds.ini:

[MDM LDAP]
LDAP in Use=True
Server=ldap.company.com
Server Port=389
Admin DN=uid=MDMLDAP,o=company.com
Admin Password+=B8HOEFOR18OELRH6FS7GT5V2
Base DN=o=company.com
User Identifier=uid
MDM Roles Algorithm=GroupMapping
MDM Roles Attribute=MDMRoles
MDM Email Attribute=mail
Allow Referrals=False
Trace Level=0
Fallback in Use=False
Fallback Roles=Guest

We would like to know what changes/additions need to be done on MDS.INI to configure LDAP SSL communication.

I know I need to change the "Server Port from 389 to 636" as the secure connection (SSL) communicates with 636. But apart from that what else do I need to change?

OR if you think I am not moving in the right direction on enabling LDAP SSL communication, please advise the correct path for configuration.

Thanking you all in advance for the help


3 Answers

  • Best Answer
    Former Member
    Jun 18, 2010 at 07:18 PM

    Hi Mastaan,

    Whatever you configured is ok. Just make sure to run a Verify > Repair operation on all repositories mounted on an MDM Server after configuring the mds.ini file for LDAP validation.

    Have you tested this LDAP scenario? Is it working fine or not?

    Thanks

    Sudhanshu

    • Former Member

      Hi Mandeep,

      This is a very good article, but it still does not answer my security SSL question.

      This article describes good details on how to configure MDM to LDAP integration which gives a good start, but my question is related to enabling LDAP over SSL communication.

      Let me put a bit more detail on how LDAP communication works.

      1. MDM to LDAP (unsecured communication) is performed on port 389. Therefore in MDS.INI, apart from SERVER, PORT = 389

      2. MDM to LDAP (secure communication) is usually performed on port 636. LDAP allows secure communication when any LDAP client (in our case MDM is the LDAP client) connects via port 636 using a client side certificate.

      This also might help. I was reading this article and it clearly mentions that it supports SSL communication:

      http://www.sap-press.de/katalog/buecher/htmlleseproben/gp/htmlprobID-60?GalileoSession=00645069A4-s52-Qj8g

      ########################

      LDAP connection

      From Service Pack 04 (SP04) on, MDM 5.5 provides an LDAP interface (Lightweight Directory Access Protocol), [The LDAP interface can, for instance, be operated in connection with Microsoft Active Directory, Novell eDirectory, or OpenLDAP. ] which enables you to store user information in a central directory. For example, user information that can be queried by MDM is stored in the LDAP-capable directory. This delegates the maintenance of that information to the LDAP service. The connection to MDM is secured using Secure Sockets Layer (SSL) or Kerberos, which ensures a secure, uniform authentication on a non-secure network.

      To use the LDAP service, two basic settings must be made. First, you must activate the LDAP service in the xcs.ini file, and save the associated connection settings. Security configuration can also be done here. In the directory service, MDM needs only one attribute field, which contains the specified role names from MDM User Management separated with semicolons.

      The interplay of MDM and the LDAP directory can be described as follows. When the user logs in to the MDM client (Data Manager), this connects to the MDM Server and passes the entries to it. Secured by SSL, the MDM Server connects via LDAP to the directory service and searches for the login name (the distinguishedName). This login name is found and sent back to the MDM Server, which then connects to the LDAP service again and passes the login information (including the password) provided by the user. Now, the permissions (MDM roles) are returned and compared to the rights in the repository of the role(s) requested for access.

      ########################

      I hope this helps you understand what help I am looking for i.e. how to enable/configure MDM to communicate with LDAP via SSL communication.

      Thanking you in advance
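Before flipping "Server Port" from 389 to 636, a practitioner would first confirm that the directory actually answers with TLS on 636 and presents a certificate that the MDM Server host trusts and whose name matches the Server= value. The probe below is an added example written for this thread, not SAP code or anything from the original posts; it uses only the Python standard library, and the CA bundle path /etc/ssl/ldap-ca.pem is an assumed placeholder.

```python
import socket
import ssl
from datetime import datetime, timezone
from typing import Optional


def classify_failure(exc: BaseException) -> str:
    """Map a probe failure to the condition it points at on the MDM or LDAP side."""
    if isinstance(exc, ssl.SSLCertVerificationError):
        if "hostname" in str(exc).lower():
            return "hostname-mismatch: certificate CN/SAN does not match the Server= value"
        return "untrusted-ca: issuing CA is not in the trust store of the MDM Server host"
    if isinstance(exc, ssl.SSLError):
        return "not-tls: port answered but did not speak TLS (plain LDAP bound to 636?)"
    if isinstance(exc, ConnectionRefusedError):
        return "closed: nothing listening on that port (LDAPS not enabled on the directory)"
    if isinstance(exc, (socket.timeout, TimeoutError)):
        return "timeout: no answer at all (firewall between MDM Server and LDAP?)"
    return "other: " + repr(exc)


def probe_ldaps(host: str, port: int = 636, cafile: Optional[str] = None,
                timeout: float = 5.0) -> dict:
    """Open a TLS session to host:port with full chain and hostname verification.

    cafile is a PEM bundle holding the directory's issuing CA (assumed path,
    supplied by the caller); None falls back to the OS trust store.
    """
    ctx = ssl.create_default_context(cafile=cafile)  # CERT_REQUIRED + check_hostname
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                cert = tls.getpeercert()
                not_after = datetime.strptime(cert["notAfter"], "%b %d %H:%M:%S %Y %Z")
                not_after = not_after.replace(tzinfo=timezone.utc)
                return {
                    "ok": True,
                    "protocol": tls.version(),
                    "issuer": dict(rdn[0] for rdn in cert["issuer"]),
                    "days_until_expiry": (not_after - datetime.now(timezone.utc)).days,
                }
    except Exception as exc:  # socket and TLS errors are reported, not raised
        return {"ok": False, "reason": classify_failure(exc)}


if __name__ == "__main__":
    import json
    # Server= value from the thread's mds.ini; the CA bundle path is an assumed placeholder
    print(json.dumps(probe_ldaps("ldap.company.com", cafile="/etc/ssl/ldap-ca.pem"), indent=2))
```

Run it on the MDM Server host itself, since that is the trust store the MDM process will use; a "hostname-mismatch" result means the certificate must be reissued or Server= must be changed to the name the certificate carries, not that verification should be disabled.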

  • Former Member
    Jul 14, 2010 at 03:46 PM

    Hi All,

    Any luck with my question? We are still struggling to enable SSL. Any help would be highly appreciated.

    Please refer to my above notes for more details on our issue.

    Thanking you all in advance.

    Mastaan


  • Jan 19, 2011 at 11:04 PM

    Did you ever get the LDAP SSL connection configured? I'm trying to do the same thing....
