LDAP Transport Layer Security

You can configure PowerExchange to use the Transport Layer Security (TLS) protocol to encrypt communications between PowerExchange and the LDAP server. You can supplement TLS security with Simple Authentication and Security Layer (SASL) security.
TLS uses encryption to protect against snooping and tampering with network traffic. You can configure TLS to require server authentication only or both client and server authentication. The client in these transactions is the PowerExchange Listener or PowerExchange Logger machine, and the server is the LDAP server.
You can also configure PowerExchange to use the StartTLS extension for secured communications.
The following statements in the DBMOVER configuration file control certificate-based LDAP security:
  • The LDAP_OPENSSL statement controls certificate-based LDAP security for an OpenLDAP implementation.
  • The LDAP_TLS statement controls certificate-based LDAP security for an Oracle LDAP implementation.
  • The LDAP_SASL_MECH statement specifies the authentication mechanism that the Simple Authentication and Security Layer (SASL) uses for either the OpenLDAP or Oracle LDAP implementation.
The OpenLDAP and Oracle LDAP implementations use different keystore formats. OpenLDAP uses OpenSSL certificate and key files, which must be in PEM format. Oracle LDAP uses NSS certificate and key files.
Unless otherwise noted, the term TLS is used to denote both the Secure Sockets Layer (SSL) and TLS protocols.
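Because the OpenLDAP implementation requires PEM-format certificate and key files, it helps to check the encoding of each file before you reference it in the configuration. The following Python sketch is an added example, not part of the PowerExchange product or its documentation. The function names are hypothetical, and the sample bytes are constructed placeholders rather than a real certificate.

```python
import base64
import re

# One PEM block: BEGIN/END armor with a matching label around a base64 body.
PEM_BLOCK = re.compile(
    rb"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.DOTALL)

def is_der_sequence(data: bytes) -> bool:
    """True if data is exactly one ASN.1 SEQUENCE (tag 0x30) with a consistent length."""
    if len(data) < 2 or data[0] != 0x30:
        return False
    first = data[1]
    if first < 0x80:                       # short-form length
        return len(data) == 2 + first
    n = first & 0x7F                       # long form: n length octets follow
    if n == 0 or len(data) < 2 + n:
        return False
    return len(data) == 2 + n + int.from_bytes(data[2:2 + n], "big")

def der_to_pem(der: bytes, label: str = "CERTIFICATE") -> bytes:
    """Wrap binary DER in PEM armor with 64-character base64 lines."""
    b64 = base64.b64encode(der)
    body = b"\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return b"-----BEGIN %s-----\n%s\n-----END %s-----\n" % (
        label.encode(), body, label.encode())

def classify(data: bytes):
    """Return ('PEM', labels), ('DER', []) or ('UNKNOWN', []) for a keystore file."""
    labels = []
    for label, body in PEM_BLOCK.findall(data):
        lines = [l.strip() for l in body.splitlines() if l.strip()]
        headers = [l for l in lines if b":" in l]   # legacy encrypted-key headers
        try:
            raw = base64.b64decode(
                b"".join(l for l in lines if b":" not in l), validate=True)
        except ValueError:
            return "UNKNOWN", []
        # A legacy encrypted key body is ciphertext, so check DER only without headers.
        if not headers and not is_der_sequence(raw):
            return "UNKNOWN", []
        labels.append(label.decode())
    if labels:
        return "PEM", labels
    return ("DER", []) if is_der_sequence(data) else ("UNKNOWN", [])

# Constructed sample: a 256-byte placeholder SEQUENCE, not a real certificate.
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(256)

if __name__ == "__main__":
    print(classify(SAMPLE_DER))              # binary DER: convert before use
    print(classify(der_to_pem(SAMPLE_DER)))  # PEM with one CERTIFICATE block
```

A result of `DER` means the file is binary-encoded and must be converted to PEM before OpenLDAP can use it. The check looks at the encoding only and does not validate the certificate contents or the trust chain.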