
Enabling LDAP over SSL communication between MDM and LDAP

Former Member

Hi Gurus,

Please can anyone help me configure "mds.ini" to enable LDAP over SSL communication between MDM and LDAP.

Currently we have the following settings in our mds.ini:

[MDM LDAP]
LDAP in Use=True
Server=ldap.company.com
Server Port=389
Admin DN=uid=MDMLDAP,o=company.com
Admin Password+=B8HOEFOR18OELRH6FS7GT5V2
Base DN=o=company.com
User Identifier=uid
MDM Roles Algorithm=GroupMapping
MDM Roles Attribute=MDMRoles
MDM Email Attribute=mail
Allow Referrals=False
Trace Level=0
Fallback in Use=False
Fallback Roles=Guest

We would like to know what changes/additions need to be made in MDS.INI to configure LDAP SSL communication.

I know I need to change the "Server Port" from 389 to 636, as the secure (SSL) connection communicates on 636. But apart from that, what else do I need to change?

Or, if you think I am not moving in the right direction on enabling LDAP SSL communication, please advise the correct path for configuration.

Thanking you all in advance for the help

Accepted Solutions (1)

Former Member

Hi Mastaan,

Whatever you configured is OK. Just make sure you run a Verify > Repair operation on all repositories mounted on an MDM Server after configuring the mds.ini file for LDAP validation.

Have you tested this LDAP scenario? Is it working fine or not?

Thanks

Sudhanshu

Former Member

Hi Sudhanshu,

This configuration is actually working with LDAP on port 389, which is the insecure port.

So the insecure connection between MDM and LDAP is working.

Now we need to enable SSL communication on the LDAP protocol so that we can use port 636, which is the LDAP over SSL communication port.

I need help in configuration of enabling MDM to communicate with our LDAP using SSL.

Let me know if you need more details.

Thanks,

Mastaan

Former Member

Hi Mastaan,

Please refer to the Step-by-Step Process to Configure LDAP Support for MDM as given below:

http://www.sdn.sap.com/irj/scn/go/portal/prtroot/docs/library/uuid/8054d5e1-1000-2c10-a09e-a168973f7...

Hope it helps..

Regards,

Mandeep Saini

Former Member

Hi Mandeep,

This is a very good article, but it still does not answer my SSL security question.

This article describes in good detail how to configure MDM to LDAP integration, which gives a good start, but my question is related to enabling LDAP over SSL communication.

Let me put a bit more detail on how LDAP communication works.

1. MDM to LDAP (insecure communication) is performed on port 389. Therefore in MDS.INI, apart from SERVER, PORT = 389.

2. MDM to LDAP (secure communication) is usually performed on port 636. LDAP allows secure communication when any LDAP client (in our case MDM is the LDAP client) connects via port 636 using a client side certificate.

This also might help. I was reading this article and it clearly mentions that it supports SSL communication

http://www.sap-press.de/katalog/buecher/htmlleseproben/gp/htmlprobID-60?GalileoSession=00645069A4-s5...

"

LDAP connection

From Service Pack 04 (SP04) on, MDM 5.5 provides an LDAP interface (Lightweight Directory Access Protocol), [The LDAP interface can, for instance, be operated in connection with Microsoft Active Directory, Novell eDirectory, or OpenLDAP. ] which enables you to store user information in a central directory. For example, user information that can be queried by MDM is stored in the LDAP-capable directory. This delegates the maintenance of that information to the LDAP service. The connection to MDM is secured using Secure Sockets Layer (SSL) or Kerberos, which ensures a secure, uniform authentication on a non-secure network.

To use the LDAP service, two basic settings must be made. First, you must activate the LDAP service in the xcs.ini file, and save the associated connection settings. Security configuration can also be done here. In the directory service, MDM needs only one attribute field, which contains the specified role names from MDM User Management separated with semicolons.

The interplay of MDM and the LDAP directory can be described as follows. When the user logs in to the MDM client (Data Manager), this connects to the MDM Server and passes the entries to it. Secured by SSL, the MDM Server connects via LDAP to the directory service and searches for the login name (the distinguishedName). This login name is found and sent back to the MDM Server, which then connects to the LDAP service again and passes the login information (including the password) provided by the user. Now, the permissions (MDM roles) are returned and compared to the rights in the repository of the role(s) requested for access.

"

I hope this helps you understand what help I am looking for i.e. how to enable/configure MDM to communicate with LDAP via SSL communication.

Thanking you in advance
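The exchange the quoted excerpt describes, as an added example that is not part of this thread and not SAP MDM's code: a TLS session to port 636 in which the client verifies the directory server's certificate, and inside which the ordinary LDAP simple bind (BindRequest/BindResponse, encoded by hand in BER) travels unchanged. The host, port and Admin DN are taken from the mds.ini above; the CA file path and the interactive password prompt are assumptions. The example verifies the server's certificate only and presents no client certificate.

```python
"""LDAPS probe: the same LDAP simple bind the thread describes, carried over TLS to port 636.

Added example, not from the thread or from SAP MDM. Standard library only.
"""
import socket
import ssl

# Taken from the mds.ini in the thread.
LDAP_HOST = "ldap.company.com"
LDAPS_PORT = 636
ADMIN_DN = "uid=MDMLDAP,o=company.com"
# Assumption: PEM bundle holding the CA that issued the LDAP server's certificate.
CA_FILE = "/etc/ssl/certs/company-ldap-ca.pem"


def ber_len(n: int) -> bytes:
    """BER length octets: short form below 128, long form 0x8N followed by N big-endian bytes otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag: int, value: bytes) -> bytes:
    """One BER tag-length-value element."""
    return bytes([tag]) + ber_len(len(value)) + value


def bind_request(msg_id: int, dn: str, password: str) -> bytes:
    """LDAPMessage { messageID, BindRequest [APPLICATION 0] { version 3, name, simple [0] password } }.

    msg_id must be 1..127 so the INTEGER fits in one content octet.
    """
    bind = tlv(0x60, tlv(0x02, b"\x03") + tlv(0x04, dn.encode("utf-8")) + tlv(0x80, password.encode("utf-8")))
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + bind)


def read_tlv(buf: bytes, pos: int):
    """Decode the BER element starting at pos; return (tag, value, position after it)."""
    tag = buf[pos]
    first = buf[pos + 1]
    if first < 0x80:
        length, hdr = first, 2
    else:
        n = first & 0x7F
        length, hdr = int.from_bytes(buf[pos + 2:pos + 2 + n], "big"), 2 + n
    start = pos + hdr
    return tag, buf[start:start + length], start + length


def parse_bind_response(pdu: bytes):
    """Return (resultCode, diagnosticMessage) from an LDAPMessage carrying a BindResponse [APPLICATION 1].

    resultCode 0 is success; 49 is invalidCredentials (RFC 4511).
    """
    tag, msg, _ = read_tlv(pdu, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, _msg_id, pos = read_tlv(msg, 0)
    tag, body, _ = read_tlv(msg, pos)
    if tag != 0x61:
        raise ValueError("expected BindResponse (tag 0x61), got 0x%02x" % tag)
    _, code, pos = read_tlv(body, 0)          # resultCode ENUMERATED
    _, _matched_dn, pos = read_tlv(body, pos)  # matchedDN, unused here
    _, diag, _ = read_tlv(body, pos)           # diagnosticMessage
    return int.from_bytes(code, "big"), diag.decode("utf-8", errors="replace")


def tls_context(ca_file):
    """Client TLS context: chain verification and hostname check stay on; trust only ca_file if given.

    Setting verify_mode to CERT_NONE would keep the link encrypted but let an impostor server
    collect the Admin DN password, which is the failure mode to avoid when moving from 389 to 636.
    """
    ctx = ssl.create_default_context(cafile=ca_file)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def verification_enabled(ctx) -> bool:
    """True when the context will reject an untrusted chain or a hostname mismatch."""
    return bool(ctx.check_hostname) and ctx.verify_mode == ssl.CERT_REQUIRED


def ldaps_bind(host, port, dn, password, ca_file, timeout=10.0):
    """TLS to host:port, verify the server, send one simple bind, return (resultCode, diagnosticMessage)."""
    ctx = tls_context(ca_file)
    with socket.create_connection((host, port), timeout=timeout) as raw:
        # server_hostname enables SNI and the hostname check against the certificate's SAN/CN.
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            tls.sendall(bind_request(1, dn, password))
            resp = tls.recv(4096)  # a BindResponse is a few dozen bytes; one read suffices
    return parse_bind_response(resp)


if __name__ == "__main__":
    import getpass
    code, diag = ldaps_bind(LDAP_HOST, LDAPS_PORT, ADMIN_DN, getpass.getpass("Admin DN password: "), CA_FILE)
    print("bind resultCode=%d diagnosticMessage=%r" % (code, diag))
```

Run it from the MDM server host: a resultCode of 0 means the directory accepted the Admin DN over TLS on 636, 49 means the TLS part is fine but the credentials are wrong, and an ssl.SSLCertVerificationError raised before any bind is sent means the host does not trust the CA that issued the LDAP server's certificate. That last case is fixed by installing the CA on the MDM host, not by switching verification off.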

Answers (2)

former_member192350
Active Participant

Did you ever get the LDAP SSL connection configured? I'm trying to do the same thing....

Former Member

Hi All,

Any luck with my question? We are still struggling to enable SSL. Any help would be highly appreciated.

Please refer to my above notes for more details on our issue.

Thanking you all in advance.

Mastaan