Security options in the ibmslapd.conf file
We can modify the ibmslapd.conf file to configure the options for SSL.
- listen ldap_URL
- Specifies, in LDAP URL format, the IP address or host name and the port number where the LDAP server listens for incoming client requests. This parameter can be specified more than once in the configuration file.
- sslAuth serverAuth | serverClientAuth
- Specifies the SSL/TLS authentication method. The serverAuth method allows the LDAP client to validate the LDAP server on the initial contact between the client and the server. The serverAuth method is the default.
- sslCertificate certificateLabel | none
- Label of the certificate used for server authentication. This option is needed if a default certificate is not set in the key database file or key ring, or if a certificate other than the default one is required. If this option is omitted, the default certificate is used.
- sslCipherSpecs string | ANY
- Specifies the SSL/TLS cipher specifications that can be accepted from clients.
- sslKeyRingFile filename | keyring
- Path and file name of the SSL/TLS key database file or key ring for the server.
- sslKeyRingFilePW string
- Password that protects access to the SSL/TLS key database file. When a RACF key ring is used instead of a key database file, do not specify this option in the configuration file. Use of the sslKeyRingFilePW configuration option is discouraged. As an alternative, use either the RACF key ring support or the sslKeyRingPWStashFile configuration option. Either alternative removes the password from the configuration file.
- sslKeyRingPWStashFile filename
- File name where the password for the server key database file is stashed. If this option is present, then the password from this stash file overrides the value specified for the sslKeyRingFilePW configuration option. Use the gskkyman utility with the -s option to create a key database password stash file. When a RACF key ring is used instead of a key database file, do not specify this option in the configuration file.
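A small linter for the key ring password and cipher options described above, as an added example that is not part of the IBM documentation. It assumes one option and value per line with `#` comments and case-insensitive option names, treats a sslKeyRingFile value starting with `/` as a key database file and any other value as a RACF key ring, and runs on constructed sample configurations.

```python
# Added example. Assumptions (not from the page): one "option value" pair per
# line, "#" starts a comment, option names match case-insensitively, and a
# sslKeyRingFile value starting with "/" is a key database file while any
# other value names a RACF key ring.

def parse_conf(text):
    """Return {option_lowercase: [values]}; options such as listen may repeat."""
    opts = {}
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split(None, 1)
        if parts:
            value = parts[1].strip() if len(parts) > 1 else ""
            opts.setdefault(parts[0].lower(), []).append(value)
    return opts

def audit(text):
    """Return a sorted list of finding codes for the configuration text."""
    o = parse_conf(text)
    findings = set()
    keyring = (o.get("sslkeyringfile") or [""])[-1]
    uses_racf = bool(keyring) and not keyring.startswith("/")
    has_pw, has_stash = "sslkeyringfilepw" in o, "sslkeyringpwstashfile" in o
    if has_pw:
        # The page discourages keeping the password in the configuration file.
        findings.add("PLAINTEXT_KEYRING_PW")
    if has_pw and has_stash:
        # The stash file overrides the option, so the plaintext copy is unused.
        findings.add("PW_SHADOWED_BY_STASH")
    if uses_racf and (has_pw or has_stash):
        # The page says to specify neither option with a RACF key ring.
        findings.add("PW_OPTION_WITH_RACF_KEYRING")
    if any(v.upper() == "ANY" for v in o.get("sslcipherspecs", [])):
        # ANY does not narrow the cipher specifications accepted from clients.
        findings.add("CIPHERS_ANY")
    return sorted(findings)

# Constructed samples: paths, labels and the password are made up.
WEAK = """\
listen ldaps://:636
sslKeyRingFile /etc/ldap/key.kdb
sslKeyRingFilePW Secret123   # discouraged
sslKeyRingPWStashFile /etc/ldap/key.sth
sslCipherSpecs ANY
"""
RACF = "listen ldaps://:636\nsslKeyRingFile LDAPRING\n"

if __name__ == "__main__":
    for name, conf in (("WEAK", WEAK), ("RACF", RACF)):
        print(name, audit(conf))
```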