You can configure PowerExchange to use the Transport Layer Security (TLS) protocol to encrypt communications between PowerExchange and the LDAP server. You can supplement TLS security with Simple Authentication and Security Layer (SASL) security.
TLS uses encryption to protect against snooping and tampering with network traffic. You can configure TLS to require server authentication only or both client and server authentication. The client in these transactions is the PowerExchange Listener or PowerExchange Logger machine, and the server is the LDAP server.
You can also configure PowerExchange to use the StartTLS extension for secured communications.
The following statements in the DBMOVER configuration file control certificate-based LDAP security:
The LDAP_OPENSSL statement controls certificate-based LDAP security for an OpenLDAP implementation.
The LDAP_TLS statement controls certificate-based LDAP security for an Oracle LDAP implementation.
The LDAP_SASL_MECH statement specifies the authentication mechanism that the Simple Authentication and Security Layer (SASL) uses for either the OpenLDAP or Oracle LDAP implementation.
The OpenLDAP and Oracle LDAP implementations use different keystore formats. OpenLDAP uses OpenSSL certificate and key files, which must be in PEM format. Oracle LDAP uses NSS certificate and key files.
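A pre-flight check for the PEM requirement above, as an added example that is not part of the product documentation: it classifies a file's bytes as PEM, binary DER, or neither before the file is referenced for an OpenLDAP implementation. The function names and sample bytes are constructed for illustration, and the check is structural only (it does not validate a certificate chain or key).

```python
import base64
import re

# PEM armor (RFC 7468): matching BEGIN/END labels around base64 text.
PEM_BLOCK = re.compile(
    rb"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)\r?\n-----END \1-----", re.DOTALL
)

def make_sample_pem(label: str, der: bytes) -> bytes:
    """Build a constructed PEM block for the demo (not a real certificate or key)."""
    b64 = base64.encodebytes(der).decode("ascii")
    return f"-----BEGIN {label}-----\n{b64}-----END {label}-----\n".encode("ascii")

def classify_keystore_bytes(data: bytes) -> dict:
    """Return the container format and the PEM blocks found in data."""
    blocks = []
    for label, body in PEM_BLOCK.findall(data):
        # Legacy encrypted keys carry "Proc-Type"/"DEK-Info" headers before the body.
        legacy_enc = b"Proc-Type: 4,ENCRYPTED" in body
        b64 = b"".join(l.strip() for l in body.splitlines() if b":" not in l)
        try:
            der = base64.b64decode(b64, validate=True)
        except ValueError:
            return {"format": "invalid-pem", "blocks": blocks}
        # Unencrypted payloads are DER, which starts with an ASN.1 SEQUENCE (0x30).
        if not legacy_enc and not der.startswith(b"\x30"):
            return {"format": "invalid-pem", "blocks": blocks}
        encrypted = legacy_enc or label == b"ENCRYPTED PRIVATE KEY"
        blocks.append({"label": label.decode("ascii"), "encrypted": encrypted})
    if blocks:
        return {"format": "pem", "blocks": blocks}
    # No armor: a leading 0x30 suggests binary DER, which must be converted to PEM.
    return {"format": "der" if data.startswith(b"\x30") else "unknown", "blocks": []}

if __name__ == "__main__":
    der = b"\x30\x03\x02\x01\x00"  # constructed minimal SEQUENCE, stands in for real DER
    samples = [
        ("cert.pem", make_sample_pem("CERTIFICATE", der)),
        ("cert.der", der),
    ]
    for name, data in samples:
        print(name, classify_keystore_bytes(data))
```

To check real files, pass the result of `open(path, "rb").read()` to `classify_keystore_bytes`.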
Unless otherwise noted, the term TLS is used to denote both the Secure Sockets Layer (SSL) and TLS protocols.