LDAP Server TLS Configuration Property Page

Use this page to configure Transport Layer Security (TLS) options. TLS supports an open SSL implementation, which provides an encrypted connection between the server and client.

TLS (SSL) Port
Defines the TLS (SSL) port number for LDAP services on a Novell® eDirectory™ server. The default value is 636, a popular port address for LDAP services. The TLS port must be different from the TCP port.

Default: 636

Minimum: 0

Maximum: 65,535

Note: The SSL port is not configurable for Novell LDAP Services for eDirectory versions 3.14 and older.

Disable SSL Port
Check this box to disable the SSL port so that encrypted messages cannot be exchanged through the network. The default value is not selected, so the SSL port is enabled.

Server Certificate
Specifies the eDirectory server certificate to be sent during the TLS handshake. The certificate you select must be owned by the host server for the current LDAP Server. Click the button to the right of this field for a list of available server certificates you can choose from.

Client Certificate
During the TLS handshake, this option specifies whether the server will:

If the client certificate is asked for, provided, and authenticated, the client may perform a SASL EXTERNAL bind. A SASL EXTERNAL bind will use the authentication that occurred during the TLS handshake, thus not requiring a password.

Trusted Root Containers
Specifies the names of the containers that hold the trusted root certificates for users that can perform TLS client authentication.

Require TLS for All Operations
Selecting this option forces any operation to fail unless the connection is protected by TLS. This setting is useful in an environment where it is important that traffic on the wire not be intercepted.

Enable and Require Mutual Authentication
Enables mutual authentication in SSL.

Note: This button is not available for Novell LDAP Services for eDirectory versions 3.14 and older.
