on 06-18-2010 3:47 PM
Hi Gurus,
Please can anyone help me configure "mds.ini" to enable LDAP over SSL communication between MDM and LDAP.
Currently we have the following settings in our mds.ini:
[MDM LDAP]
LDAP in Use=True
Server=ldap.company.com
Server Port=389
Admin DN=uid=MDMLDAP,o=company.com
Admin Password+=B8HOEFOR18OELRH6FS7GT5V2
Base DN=o=company.com
User Identifier=uid
MDM Roles Algorithm=GroupMapping
MDM Roles Attribute=MDMRoles
MDM Email Attribute=mail
Allow Referrals=False
Trace Level=0
Fallback in Use=False
Fallback Roles=Guest
We would like to know what changes/additions need to be made to MDS.INI to configure LDAP SSL communication.
I know I need to change the "Server Port from 389 to 636" as the secure connection (SSL) communicates on 636. But apart from that, what else do I need to change?
Or, if you think I am not moving in the right direction on enabling LDAP SSL communication, please advise the correct path for configuration.
Thanking you all in advance for the help
Hi Mastaan,
Whatever you configured is OK. Just make sure to run a Verify > Repair operation on all repositories mounted on an
MDM Server after configuring the mds.ini file for LDAP validation.
Have you tested this LDAP scenario? Is it working fine or not?
Thanks
Sudhanshu
Hi Sudhanshu,
This configuration is actually working with LDAP on port 389, which is an unsecured port.
So the unsecured connection between MDM and LDAP is working.
Now we need to enable SSL communication on the LDAP protocol so that we can use port 636, which is the LDAP over SSL communication port.
I need help in configuration of enabling MDM to communicate with our LDAP using SSL.
Let me know if you need more details.
Thanks,
Mastaan
Hi Mastaan,
Please refer to the Step-by-Step Process to Configure LDAP Support for MDM as given below:
Hope it helps..
Regards,
Mandeep Saini
Hi Mandeep,
This is a very good article, but it still does not answer my security SSL question.
This article describes good details on how to configure MDM to LDAP integration which gives a good start, but my question is related to enabling LDAP over SSL communication.
Let me put a bit more detail on how LDAP communication works.
1. MDM to LDAP (unsecured communication) is performed on port 389. Therefore in MDS.INI, apart from SERVER, PORT = 389.
2. MDM to LDAP (secure communication) is usually performed on port 636. LDAP allows secure communication when any LDAP client (in our case MDM is the LDAP client) connects via port 636 using a client side certificate.
This also might help. I was reading this article and it clearly mentions that SSL communication is supported:
########################
LDAP connection
From Service Pack 04 (SP04) on, MDM 5.5 provides an LDAP interface (Lightweight Directory Access Protocol), [The LDAP interface can, for instance, be operated in connection with Microsoft Active Directory, Novell eDirectory, or OpenLDAP. ] which enables you to store user information in a central directory. For example, user information that can be queried by MDM is stored in the LDAP-capable directory. This delegates the maintenance of that information to the LDAP service. The connection to MDM is secured using Secure Sockets Layer (SSL) or Kerberos, which ensures a secure, uniform authentication on a non-secure network.
To use the LDAP service, two basic settings must be made. First, you must activate the LDAP service in the xcs.ini file, and save the associated connection settings. Security configuration can also be done here. In the directory service, MDM needs only one attribute field, which contains the specified role names from MDM User Management separated with semicolons.
The interplay of MDM and the LDAP directory can be described as follows. When the user logs in to the MDM client (Data Manager), this connects to the MDM Server and passes the entries to it. Secured by SSL, the MDM Server connects via LDAP to the directory service and searches for the login name (the distinguishedName). This login name is found and sent back to the MDM Server, which then connects to the LDAP service again and passes the login information (including the password) provided by the user. Now, the permissions (MDM roles) are returned and compared to the rights in the repository of the role(s) requested for access.
"
I hope this helps you understand what help I am looking for i.e. how to enable/configure MDM to communicate with LDAP via SSL communication.
Thanking you in advance
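The thread's open point is what, beyond switching the port to 636, a secure setup needs. The script below is an added example (not from the thread, SAP MDM, or any of the posters): it parses the [MDM LDAP] section quoted above (password value redacted, constructed sample), flags the transport settings a reviewer would query, and builds the TLS context a generic LDAPS client would need; the context is an illustration of certificate checks, not an MDM setting.

```python
"""Audit the [MDM LDAP] section of an mds.ini for transport security.

Added example, not part of the thread or of SAP MDM. Port numbers follow
the thread: 389 is plaintext LDAP, 636 is LDAP over SSL (LDAPS).
"""
import configparser
import ssl

# Constructed sample: the poster's section with the secret redacted.
SAMPLE_MDS_INI = """\
[MDM LDAP]
LDAP in Use=True
Server=ldap.company.com
Server Port=389
Admin DN=uid=MDMLDAP,o=company.com
Admin Password+=<redacted>
Base DN=o=company.com
User Identifier=uid
MDM Roles Algorithm=GroupMapping
MDM Roles Attribute=MDMRoles
Allow Referrals=False
Trace Level=0
"""

def load_ldap_section(ini_text: str) -> dict:
    """Parse the [MDM LDAP] section, keeping the key names as written."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str  # do not lowercase keys such as "Admin DN"
    cp.read_string(ini_text)
    return dict(cp["MDM LDAP"])

def audit_ldap_transport(section: dict) -> list:
    """Return review findings about how MDM reaches the directory."""
    if section.get("LDAP in Use", "False") != "True":
        return ["LDAP not in use; nothing to check"]
    findings = []
    port = int(section.get("Server Port", "389"))
    if port == 389:
        findings.append("plaintext LDAP on 389: the admin bind and every user "
                        "password cross the network unencrypted")
    elif port == 636:
        findings.append("LDAPS on 636: the client must trust the directory's "
                        "CA certificate or the TLS handshake fails")
    else:
        findings.append(f"non-standard port {port}: confirm it is TLS")
    if section.get("Allow Referrals", "False") == "True":
        findings.append("referrals on: a referral may send the bind to another "
                        "host, which must also be reached over TLS")
    return findings

def ldaps_client_context(ca_file=None) -> ssl.SSLContext:
    """Generic LDAPS client TLS context: CA-verified, hostname-checked."""
    ctx = ssl.create_default_context(cafile=ca_file)  # None = system CAs
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx  # use with socket.create_connection((host, 636))
```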
Did you ever get the LDAP SSL connection configured? I'm trying to do the same thing....
Hi All,
Any luck with my question? We are still struggling to enable SSL. Any help would be highly appreciated.
Please refer to my above notes for more details on our issue.
Thanking you all in advance.
Mastaan