Enabling SSL Communication with LDAP
Communication between Spectrum Technology Platform and an LDAP or Active Directory server uses TCP by default.
You can configure Spectrum Technology Platform to use LDAP over SSL if you want to secure the communication between the Spectrum Technology Platform server and the LDAP or Active Directory server.
You may need to add the certificate to the Java TrustStore used by Spectrum Technology Platform if:
- The default Java TrustStore does not contain an entry for the certificate authority you are using.
- You are using a self-signed certificate. Note that using a self-signed certificate is not recommended in a production environment.
- Obtain a copy of the certificate. You can get a copy of the certificate from your LDAP administrator or by using a tool like LDAP Admin to view and save the certificate.
- Add the certificate to a new or existing TrustStore using the keytool utility included in the JDK. For example:
keytool -import -file X509_certificate_ldap.cer -alias server.example.com -keystore ldapTrustStore
See your vendor's Java documentation for more information.
Note: The certificate must meet the requirements for encryption and length for the version of Java used by Spectrum Technology Platform. To find out the version of Java, open Spectrum Management Console and go to . For more information, see java.com/en/jre-jdk-cryptoroadmap.html.
- Stop the Spectrum Technology Platform server.
- To stop the server on Windows, right-click the Spectrum Technology Platform icon in the Windows system tray and select Stop Spectrum. Alternatively, you can use the Windows Services control panel and stop the Precisely Spectrum Technology Platform service.
- To stop the server on Linux, source the SpectrumDirectory/server/bin/setup script then execute the SpectrumDirectory/server/bin/server.stop script.
- Open this file in a text editor:
SpectrumDirectory\server\conf\spring\security\spectrum-config-ldap.properties
- Configure these properties:
- spectrum.ldap.url
- Specify the URL of the LDAP server. Be sure to specify the SSL port number, which is typically 636. For example:
spectrum.ldap.url=ldap://server.example.com:636
Note: Do not include a slash character at the end of the URL.
- spectrum.ldap.useSSL
- Specify true to enable SSL communication with LDAP.
- spectrum.ldap.trustStore
- Specify the location of the TrustStore containing the certificate to use for SSL communication with LDAP. For example on Windows:
spectrum.ldap.trustStore=file:D:\\Certs\\MyTrustStore
On Linux:
spectrum.ldap.trustStore=file://Certs//MyTrustStore
- spectrum.ldap.trustStore.password
- Specify the TrustStore password.
Important: If you are running Spectrum Technology Platform in a cluster,
repeat this procedure on each server in the cluster.
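
One way to check the edited spectrum-config-ldap.properties against the settings described above. This is an added example, not part of the Spectrum documentation or product. The sample file content, the function names, the port 389 check, and the treatment of the file: prefix as required (taken from the page's examples) are assumptions.

```python
import re

# Constructed sample of spectrum-config-ldap.properties (illustrative values only).
SAMPLE = r"""
# LDAP connection
spectrum.ldap.url=ldap://server.example.com:389/
spectrum.ldap.useSSL=false
spectrum.ldap.trustStore=D:\\Certs\\MyTrustStore
spectrum.ldap.trustStore.password=
"""

def parse_properties(text):
    """Parse simple key=value lines; skips blank lines and # or ! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line[0] in "#!":
            continue
        key, _, value = line.partition("=")
        # Java .properties files write a literal backslash as a doubled backslash.
        props[key.strip()] = value.strip().replace("\\\\", "\\")
    return props

def check_ldap_ssl(props):
    """Return a list of findings; an empty list means the settings match the procedure."""
    findings = []
    url = props.get("spectrum.ldap.url", "")
    if not url:
        findings.append("spectrum.ldap.url is not set")
    else:
        if url.endswith("/"):
            findings.append("spectrum.ldap.url ends with a slash")
        port = re.search(r":(\d+)/?$", url)
        if not port:
            findings.append("spectrum.ldap.url has no explicit port (SSL is typically 636)")
        elif port.group(1) == "389":
            findings.append("spectrum.ldap.url uses 389, the standard non-SSL LDAP port")
    if props.get("spectrum.ldap.useSSL", "") != "true":
        findings.append("spectrum.ldap.useSSL is not true")
    store = props.get("spectrum.ldap.trustStore", "")
    if not store:
        findings.append("spectrum.ldap.trustStore is not set")
    elif not store.startswith("file:"):
        findings.append("spectrum.ldap.trustStore lacks the file: prefix used in the examples")
    if not props.get("spectrum.ldap.trustStore.password"):
        findings.append("spectrum.ldap.trustStore.password is empty")
    return findings

if __name__ == "__main__":
    for finding in check_ldap_ssl(parse_properties(SAMPLE)):
        print("FINDING:", finding)
```

In a cluster, run the same check against the properties file on each server.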