Configuring secure access to an LDAP repository

Configure secure access to a Lightweight Directory Access Protocol (LDAP) repository used by IBM® Sametime® servers.

Before you begin

Ensure that the enterprise LDAP server is running.

About this task

If the LDAP server uses a certificate issued by a public certificate authority (CA), obtain the public root CA certificate and import it. If the LDAP server uses a self-signed certificate, import the self-signed certificate itself. You need to perform this procedure only once, on one server in your configuration; after you complete it for one server, you do not need to repeat it for any other server. The steps are essentially the same whichever server you use. This procedure uses the SIP Proxy/Registrar Server as an example.

Procedure

  1. Import the certificate:
    1. Log in to the Integrated Solutions Console for the SIP Proxy/Registrar.
    2. Select Security > SSL Certificate and key management > Key stores and certificates > CellDefaultTrustStore > Signer certificates.
    3. Click Add.
    4. In the Alias field, type a description for the certificate, whether it is a self-signed certificate or a public CA certificate.
    5. In the File name field, type the path to the certificate file. For example, c:\ldap.cer.
    6. Click Apply and then Save.
    7. Restart all WebSphere® Application Server processes for the change to take effect.
  2. Enable SSL between the SIP Proxy/Registrar and the LDAP repository.
    1. Log in to the Integrated Solutions Console for the SIP Proxy/Registrar.
    2. Select Security > Global security.
    3. Click Configure.
    4. In the Repositories in the realm table, select the LDAP server identifier.
    5. In the Port field, type 636. For some LDAP servers, you can specify a different port for an SSL connection.
    6. Click Require SSL communications.
    7. Click Apply and then Save.
    8. Restart the SIP Proxy/Registrar for the change to take effect.
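The following script is an added example, not part of the IBM procedure. It can be run before step 1 to confirm that the certificate file you are about to import is the one that actually validates the LDAP server's SSL endpoint. It trusts only that file, connects to the SSL port, and reports SHA-256 fingerprints that you can compare with values obtained from the LDAP administrator. The host name ldap.example.com is a placeholder, and the function names are this example's own.

```python
import hashlib
import socket
import ssl
import sys


def load_cert_der(path):
    """Read a certificate file (PEM or binary DER) and return DER bytes."""
    with open(path, "rb") as fh:
        raw = fh.read()
    text = raw.strip()
    if text.startswith(b"-----BEGIN CERTIFICATE-----"):
        return ssl.PEM_cert_to_DER_cert(text.decode("ascii"))
    return raw  # assume binary DER, common for .cer files


def sha256_fingerprint(der):
    """Colon-separated SHA-256 fingerprint, for out-of-band comparison."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def check_ldaps(host, cert_path, port=636, timeout=5.0):
    """Report whether host:port validates against cert_path and nothing else."""
    result = {"trusted": False}
    try:
        der = load_cert_der(cert_path)
        result["file_sha256"] = sha256_fingerprint(der)
        # PROTOCOL_TLS_CLIENT starts with an empty trust store and enables
        # CERT_REQUIRED plus host name checking.
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        ctx.load_verify_locations(cadata=der)  # trust only the file to import
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                peer = tls.getpeercert(binary_form=True)
                result.update(trusted=True, protocol=tls.version(),
                              server_sha256=sha256_fingerprint(peer))
    except (OSError, ValueError) as exc:  # ssl.SSLError is an OSError
        result["error"] = f"{type(exc).__name__}: {exc}"
    return result


if __name__ == "__main__":
    # Usage: python check_ldaps.py ldap.example.com c:\ldap.cer
    for key, value in check_ldaps(sys.argv[1], sys.argv[2]).items():
        print(f"{key}: {value}")
```

A result of trusted: False with a certificate verification error means the file is not the signer of the certificate that the server presents, or that the server's certificate does not match the host name used to reach it.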