The LDAP_TLS statement enables LDAP secured connections between PowerExchange and the LDAP server and specifies certificate information for a Transport Layer Security (TLS) connection to the LDAP server. You can also configure PowerExchange to use the StartTLS extension to initiate LDAP secured communications.
If you are using an Oracle LDAP client, define the LDAP_TLS statement, and use the default value of ORACLE_LDAP for the fourth positional parameter in the SECURITY statement.
If you are using an OpenLDAP client, use the LDAP_OPENSSL statement instead of the LDAP_TLS statement.
Operating Systems: Linux and UNIX
Related Statements: LDAP_SASL_MECH, LDAP_OPENSSL
Required: No
Syntax:
LDAP_TLS=({PASS=client_passphrase|EPASS=client_encrypted_passphrase}
  [,KEYNAME=key_name]
  [,CAPATH=directory]
  [,START_TLS=Y|N]
)
PASS=client_passphrase
Optional. The passphrase that is used to access the private key that is associated with the client certificate. Do not enter both the PASS and the EPASS parameters.
EPASS=client_encrypted_passphrase
Optional. The encrypted passphrase that is used to access the private key that is associated with the client certificate. Do not enter both the PASS and the EPASS parameters.
You can create an encrypted passphrase in the PowerExchange Navigator by selecting File > Encrypt Password.
KEYNAME=key_name
Optional. The nickname of the client certificate that is used to make an LDAP TLS connection.
CAPATH=directory
Optional. The directory that is used for the client keystore and CA truststore.
START_TLS={Y|N}
Optional. Controls whether PowerExchange uses the StartTLS extended LDAP operation to initiate secure network traffic on a normally unsecured port. Default is N.
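The following configuration check is an added example, not part of the PowerExchange product or its documentation. It parses one LDAP_TLS statement and reports the conditions described above (PASS and EPASS both set, a START_TLS value other than Y or N), plus an added review rule that flags a clear-text PASS. It assumes that parameter values contain no commas; the sample statements, key name, directory and passphrase values are constructed.

```python
import re

# Parameter names taken from the LDAP_TLS syntax above.
KNOWN = {"PASS", "EPASS", "KEYNAME", "CAPATH", "START_TLS"}
STMT = re.compile(r"^\s*LDAP_TLS\s*=\s*\((.*)\)\s*$", re.S)
# Constructed sample statements (all values are placeholders).
SAMPLES = [
    "LDAP_TLS=(EPASS=0123456789ABCDEF,KEYNAME=pwx_client,CAPATH=/opt/pwx/certs,START_TLS=Y)",
    "LDAP_TLS=(PASS=changeit,EPASS=0123456789ABCDEF,START_TLS=YES)",
]


def parse_ldap_tls(statement):
    """Return the keyword parameters of one LDAP_TLS statement as a dict."""
    m = STMT.match(statement)
    if not m:
        raise ValueError("not an LDAP_TLS=(...) statement")
    params = {}
    for item in m.group(1).split(","):  # assumption: no commas inside values
        if not item.strip():
            continue
        key, sep, value = item.partition("=")
        key = key.strip().upper()
        if not sep or key in params:
            raise ValueError(f"malformed or duplicate parameter: {item.strip()!r}")
        params[key] = value.strip()
    return params


def audit_ldap_tls(statement):
    """Return a list of findings; an empty list means nothing was flagged."""
    p = parse_ldap_tls(statement)
    findings = [f"unknown parameter {k}" for k in sorted(set(p) - KNOWN)]
    if "PASS" in p and "EPASS" in p:
        findings.append("PASS and EPASS are both set; enter only one")
    if "PASS" in p:  # added review rule, not a documented requirement
        findings.append("PASS stores the key passphrase in clear text; prefer EPASS")
    if p.get("START_TLS", "N").upper() not in ("Y", "N"):
        findings.append("START_TLS must be Y or N")
    return findings


if __name__ == "__main__":
    for s in SAMPLES:
        print(s, "->", audit_ldap_tls(s) or "no findings")
```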