Table of Contents

Search

  1. Preface
  2. Introduction to PowerExchange
  3. DBMOVER Configuration File
  4. Netport Jobs
  5. PowerExchange Message Logs and Destination Overrides
  6. SMF Statistics Logging and Reporting
  7. PowerExchange Security
  8. Secure Sockets Layer Support
  9. PowerExchange Alternative Network Security
  10. PowerExchange Nonrelational SQL
  11. PowerExchange Globalization
  12. Using the PowerExchange ODBC Drivers
  13. PowerExchange Datatypes and Conversion Matrix
  14. Appendix A: DTL__CAPXTIMESTAMP Time Stamps
  15. Appendix B: PowerExchange Glossary

Example: Level 2 LDAP Security - Secure OpenLDAP Configuration with Client Authentication

Example: Level 2 LDAP Security - Secure OpenLDAP Configuration with Client Authentication

The following example shows DBMOVER statements for secure OpenLDAP configuration with client authentication:
SECURITY=(1,N,LDAP,OPEN_LDAP) LDAP_HOST=(myldapserver,636) LDAP_BIND_DN="uid=hmiller,ou=People,dc=example,dc=com" LDAP_BIND_EPWD=47D95F9932FB5F67 LDAP_BASE=("ou=People,dc=example,dc=com") LDAP_OPENSSL=(CAPATH=/pwx_store,
CERTFILE=/pwx_store/mycert.pem,KEYFILE=/pwx_store/mykey.pem, PASS=clientauth
)
The
/pwx_store
directory serves as a truststore and keystore. The directory has entries for server and client authentication.
For server authentication, the truststore must contain Certificate Authority certificates, in PEM format, that are sufficient to validate the LDAP server.
For client authentication, the following entries must be present:
  • The certificate file and key file that identify the client (PowerExchange) to the LDAP server. The LDAP server truststore must be configured with Certificate Authority certificates, in PEM format, that are sufficient to validate this client certificate.
  • The private key associated with the client certificate. The key file is encrypted. Accessing this key requires the password
    clientauth
    , as indicated by the PASS parameter.
The LDAP_HOST statement directs the encrypted traffic to the secure port 636 of the LDAP server.