Tivoli Directory Server SSL Enabled

Download

The Tivoli Directory Server with SSL enabled snippet provides a snippet of server configuration that can be used to configure the Liberty profile to authenticate users with Tivoli Directory Server.

The password value can be plaintext, or the xor encoded value of the password. In this example SSL connection to LDAP server is enabled.

 


<server description="LdapRegistry sample configuration">

    <!-- NOTE: This file is for reference only. -->

    <!-- Enable appSecurity-2.0 and ldapRegistry-3.0 features -->
    <featureManager>
        <feature>appSecurity-2.0</feature>
        <feature>ldapRegistry-3.0</feature>
    </featureManager>

	<!-- Sample configuration for LdapRegistry of the IBM Directory Server type.
         The password value can be plaintext, or the xor encoded value of the password. 
		 In this example SSL connection to LDAP server is enabled. -->
	<ldapRegistry id="IBMDirectoryServerLDAP" realm="SampleLdapIDSRealm" host="host.domain.com" port="636" ignoreCase="true" baseDN="o=domain,c=us" ldapType="IBM Tivoli Directory Server" searchTimeout="8m" sslEnabled="true" sslRef="LDAPSSLSettings"/>

	<sslDefault sslRef="LDAPSSLSettings"/>
    <ssl id="LDAPSSLSettings" keyStore="LDAPKeyStore" trustStore="LDAPTrustStore"/>
    <keyStore id="LDAPKeyStore" location="${server.config.dir}/LdapSSLKeyStore.jks" type="JKS" password="{xor}CDo9Hgw="/>
    <keyStore id="LDAPTrustStore" location="${server.config.dir}/LdapSSLTrustStore.jks" type="JKS" password="{xor}CDo9Hgw="/>
	
</server>