(Click to open topic with navigation)
All connections from MWS to the LDAP server should be secured with SSL or StartTLS to ensure passwords and other sensitive information are encrypted as they pass to and from the LDAP server. If the LDAP server does not support SSL or StartTLS, the rest of this section is irrelevant.
Determine Whether the LDAP Server's Certificate is Trusted
If the LDAP server's X.509 certificate has been signed by a trusted certificate authority such as Verisign, Thawte, GeoTrust, and so on, Java will trust the certificate automatically and you won't need to add the certificate to Java's keystore. Consult your IT department to determine whether the LDAP server certificate has been signed by a trusted certificate authority. If the LDAP server certificate is signed by a trusted certificate authority, skip ahead to Configure MWS to Connect to LDAP Cerver Using SSL or StartTLS. Otherwise, follow the instructions in Trusting Servers in Java to add the certificate to Java's keystore.
Configure MWS to Connect to LDAP Cerver Using SSL or StartTLS
To configure MWS to connect to LDAP using SSL/TLS
Update the ldap.port and ldap.security.type parameters in /opt/mws/etc/mws-config.groovy.
ldap.port = 636 ldap.security.type = "SSL"
To configure MWS to connect to LDAP using StartTLS
Update the ldap.port and ldap.security.type parameters in /opt/mws/etc/mws-config.groovy.
ldap.port = 389 ldap.security.type = "StartTLS"
The table below lists the possible values for ldap.security.type:
| ldap.security.type | Default port | Notes |
|---|---|---|
| None | 389 | This is the default if no security type is configured. All data is sent in plain text. |
| SSL | 636 | Requires server certificate. All data is encrypted. |
| StartTLS | 389 | Starts as an insecure connection and is upgraded to an SSL/TLS connection. Requires server certificate. After upgrade all data is encrypted. |