IBM Tivoli Monitoring, Version 6.3 Fix Pack 2
Configure TLS/SSL communication between the portal server and the LDAP server
Use the TEPS/e administration console to configure TLS (Transport Layer Security) or SSL (Secure Sockets Layer) between the portal server and the LDAP server.
Ensure that you already have an existing connection to an LDAP server and that Tivoli Enterprise Portal users can log in to the portal server and be authenticated by the LDAP server. You must also ensure that the Tivoli Enterprise Portal Server is configured to use an LDAP type of Other, because the configuration of TLS/SSL for LDAP server communication must be performed using the TEPS/e administration console.
Your LDAP server must be configured to accept TLS/SSL connections and be running on the secured port number, typically port 636. Refer to your LDAP server documentation if you need to create a signer certificate, which, as part of this task, must be imported from your LDAP server into the trust store of TEPS/e.
LDAP TLS/SSL requires some actions by an LDAP administrator that are not covered by the Tivoli Monitoring documentation. The following topics in the IBM Security Systems Information Center include information about setting up LDAP servers for TLS/SSL:
- Configure Microsoft Active Directory for SSL access
- Configure the Tivoli Directory Server client for SSL access
- Configure Oracle Java System Directory Server for SSL access
Before beginning the procedure, start the TEPS/e administration console by following the instructions in Start the TEPS/e administration console.
Procedure
- Perform the following steps to import your LDAP server's signer certificate into the TEPS/e trust store:
  - Click Security → SSL certificate and key management.
  - In the Related Items area of the page, click the Key stores and certificates link and in the table that is displayed, click the NodeDefaultTrustStore link.
  - In the Additional Properties area, click the Signer certificates link and click the Retrieve from port button.
  - In the relevant fields provide the hostname, port (typically 636 for SSL connections), SSL configuration details, as well as the alias of the certificate for your LDAP server. Then click the Retrieve signer information button and then click OK.
- Follow these steps to enable TLS/SSL communications to your LDAP server:
  - Click Security → Global security.
  - In the Related Items area near the bottom of the page, select Manage repositories.
  - In the table of repositories, select the link for the repository identifier for your LDAP server.
  - Select the Require SSL communications check box and select the Centrally managed option.
  - Change the port number from 389 to the port number that your LDAP server uses for SSL connections (typically 636).
  - Click OK.
- Save the configuration changes.
- Restart the portal server.
When the portal server is restarted, the TEPS/e administration console is disabled automatically. You must re-enable it before it can be used again by following the instructions in Start the TEPS/e administration console.
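The Retrieve from port step accepts certificate information fetched over the network, so it is worth confirming beforehand that the endpoint on the secured port is the LDAP server you intend to trust. The following script is an added example, not part of the IBM documentation: it fetches the certificate the server presents on port 636 and compares its SHA-256 fingerprint with a value obtained separately from your LDAP administrator. The function names and command-line arguments are assumptions, and the script fingerprints the server's own certificate as presented in the handshake.

```python
import hashlib
import hmac
import socket
import ssl
import string
import sys


def sha256_fingerprint(der_cert: bytes) -> str:
    """Colon-separated, upper-case SHA-256 fingerprint of a DER certificate."""
    digest = hashlib.sha256(der_cert).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def normalize(fingerprint: str) -> str:
    """Keep only hex digits, lower-cased, so AA:BB, 'aa bb' and aabb compare equal."""
    return "".join(c for c in fingerprint if c in string.hexdigits).lower()


def fingerprint_matches(der_cert: bytes, expected: str) -> bool:
    """Compare the certificate with the administrator-supplied hex fingerprint."""
    return hmac.compare_digest(normalize(sha256_fingerprint(der_cert)),
                               normalize(expected))


def fetch_presented_cert(host: str, port: int = 636, timeout: float = 10.0) -> bytes:
    """Return the DER certificate the server presents on the secured port.

    Chain verification is disabled on purpose: the signer is not trusted yet,
    so the certificate is fetched for inspection only and nothing is sent to it.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


if __name__ == "__main__":
    # Usage (hypothetical values): python check_ldaps.py ldap.example.com "AB:CD:..."
    host, expected = sys.argv[1], sys.argv[2]
    der = fetch_presented_cert(host)
    print("presented:", sha256_fingerprint(der))
    ok = fingerprint_matches(der, expected)
    print("fingerprint match" if ok else "FINGERPRINT MISMATCH: do not import")
    sys.exit(0 if ok else 1)
```

A mismatch means the certificate on the port is not the one the administrator described, and the signer should not be added to NodeDefaultTrustStore until the difference is explained.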
What to do next
Verify that the Tivoli Enterprise Portal users can log in and be authenticated by the LDAP server.