LDAP Synchronization

Configuring Synchronization via SSL

To enforce encrypted transmission for synchronization, SSL can be used as a transport protocol. This encrypts sensitive information (e.g. passwords) before transferring them over the network.

Before using LDAP over SSL, the appropriate certificate of the LDAP server has to be added to the Java truststore. This certificate should first be exported into a DER format file.

For the Tomcat application server, the certificate can then be installed on a Stages Windows server as follows:

cd %JAVA_HOME%\jre\lib\security
keytool -import -file –trustcacerts <CERTFILE>.der -keystore cacerts

The default password for the Java keystore is “changeit“. Follow the steps given by the keytool application. After setting up the certificate, use the “ldaps“ protocol identifier in the LDAP URL to use LDAP over SSL protocol.

Example: ldaps:SERVER:636/cn=Users,dc=YOURDC,dc=COMPANY,dc=com