LDAP_OPENSSL Statement

The LDAP_OPENSSL statement enables LDAP secured connections between PowerExchange and the LDAP server and specifies certificate information for a Transport Layer Security (TLS) connection to the LDAP server. You can also configure PowerExchange to use the StartTLS extension to initiate LDAP secured communications.
If you are using an OpenLDAP client, define the LDAP_OPENSSL statement and specify OPEN_LDAP for the fourth positional parameter in the SECURITY statement.
If you are using an Oracle LDAP client, use the LDAP_TLS statement instead of the LDAP_OPENSSL statement.
Operating Systems: Linux, UNIX, and Windows
Related Statements: LDAP_SASL_MECH, LDAP_TLS
Required: No
Syntax:
LDAP_OPENSSL=({CAPATH=directory|CAFILE=filepath}
             [,CERTFILE=filepath,KEYFILE=filepath]
             [,PASS=passphrase|EPASS=encrypted_passphrase]
             [,START_TLS={N|Y}]
             )
CAPATH=directory
Required if CAFILE is not specified. Directory where OpenSSL can find CA certificate files in PEM format.
CAFILE=filepath
Required if CAPATH is not specified. File that contains one or more CA certificates in PEM format.
CERTFILE=filepath
Optional. Client signing certificate. Include this parameter if the LDAP server is configured to require a signed certificate from its clients. The certificate and key files must be in PEM format. The certificate file must be named by the hash of the CA certificate.
KEYFILE=filepath
Required if CERTFILE is specified. Client private key for signing its certificate. The certificate and key files must be in PEM format.
PASS=passphrase
Optional. If the key file is DES-encrypted, the passphrase that is used to access the private key that is associated with the client certificate. Do not enter both the PASS and the EPASS parameters.
EPASS=encrypted_passphrase
Optional. If the key file is DES-encrypted, the encrypted passphrase that is used to access the private key that is associated with the client certificate. Do not enter both the PASS and the EPASS parameters.
START_TLS={N|Y}
Optional. Controls whether PowerExchange uses the StartTLS extended LDAP operation to initiate secure network traffic on a normally unsecured port. Default is N.
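The parameter rules above can be checked before a DBMOVER file is deployed. The following lint is an added example, not PowerExchange code: the function name, the sample paths and values, and the parsing assumptions (no commas or quotes inside values, parameter names matched case-insensitively) are all constructed for illustration.

```python
import re

# Parameter names taken from the LDAP_OPENSSL syntax on this page.
KNOWN = {"CAPATH", "CAFILE", "CERTFILE", "KEYFILE", "PASS", "EPASS", "START_TLS"}

def lint_ldap_openssl(line):
    """Return a list of findings for one statement; an empty list means it passes."""
    m = re.fullmatch(r"\s*LDAP_OPENSSL\s*=\s*\((.*)\)\s*", line)
    if m is None:
        return ["not an LDAP_OPENSSL=(...) statement"]
    params, findings = {}, []
    # Assumption: values contain no commas and are not quoted.
    for item in m.group(1).split(","):
        key, sep, value = (s.strip() for s in item.partition("="))
        key = key.upper()  # assumption: names are matched case-insensitively
        if not sep or not value:
            findings.append(f"malformed parameter: {item.strip()!r}")
        elif key not in KNOWN:
            findings.append(f"unknown parameter: {key}")
        elif key in params:
            findings.append(f"duplicate parameter: {key}")
        else:
            params[key] = value
    # {CAPATH=directory|CAFILE=filepath}: one of the two CA sources.
    if ("CAPATH" in params) == ("CAFILE" in params):
        findings.append("specify exactly one of CAPATH or CAFILE")
    # [,CERTFILE=filepath,KEYFILE=filepath]: the pair travels together.
    if ("CERTFILE" in params) != ("KEYFILE" in params):
        findings.append("CERTFILE and KEYFILE must be specified together")
    if "PASS" in params and "EPASS" in params:
        findings.append("do not enter both PASS and EPASS")
    if params.get("START_TLS", "N") not in ("N", "Y"):
        findings.append("START_TLS must be N or Y")
    # Hardening preference added here, not a rule from the page.
    if "PASS" in params:
        findings.append("warning: PASS keeps the passphrase readable in the file; prefer EPASS")
    return findings

# Constructed sample statements; all paths and values are placeholders.
SAMPLES = [
    "LDAP_OPENSSL=(CAFILE=/opt/pwx/certs/ca.pem,START_TLS=Y)",
    "LDAP_OPENSSL=(CAPATH=/opt/pwx/certs,CERTFILE=/opt/pwx/certs/client.pem,PASS=example,EPASS=0A1B2C3D)",
    "LDAP_OPENSSL=(CERTFILE=/opt/pwx/certs/client.pem,KEYFILE=/opt/pwx/certs/client.key,START_TLS=X)",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(s, "->", lint_ldap_openssl(s) or "OK")
```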