Encrypt LDAP Bindings

You can force SSL encryption over LDAP links for both anonymous and authenticated bindings.

To force SSL encryption on anonymous bindings, include the following command in the settings configuration file of the DSA:

set force-encrypt-anon = true | false

When this setting is on, if a user tries to create an anonymous binding without SSL, the DSA disallows it and returns an "Inappropriate authentication" error.

To force SSL encryption on authenticated bindings, include the following command in the settings configuration file of the DSA:

set force-encrypt-auth = true | false

When this setting is on, if a user tries to create an authenticated binding without SSL, the DSA disallows it and returns an "Inappropriate authentication" error.

The force-encrypt-auth setting does not prevent credentials from being sent unencrypted over the network. However, the DSA refuses any unencrypted binding request.
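
Because the DSA can only refuse an unencrypted bind after the request has arrived, a client that attempts a simple bind without SSL has already put its DN and password on the network. The following Python code is an added example, not part of the product documentation: it decodes a captured cleartext LDAP payload as an RFC 4511 BindRequest so that such clients can be identified and moved to SSL. The function names and the sample payloads are constructed for illustration.

```python
# Added example: classify a cleartext LDAP BindRequest (RFC 4511, BER-encoded).

def _read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the BER element starting at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length


def classify_bind(payload):
    """Return a dict describing a BindRequest, or None for anything else."""
    try:
        tag, msg, _ = _read_tlv(payload, 0)       # LDAPMessage SEQUENCE
        if tag != 0x30:
            return None
        tag, _msg_id, pos = _read_tlv(msg, 0)     # messageID INTEGER
        if tag != 0x02:
            return None
        tag, bind, _ = _read_tlv(msg, pos)        # [APPLICATION 0] BindRequest
        if tag != 0x60:
            return None
        _, _version, pos = _read_tlv(bind, 0)
        _, name, pos = _read_tlv(bind, pos)       # bind DN
        auth_tag, cred, _ = _read_tlv(bind, pos)  # AuthenticationChoice
    except (IndexError, ValueError):
        return None
    if auth_tag != 0x80:                          # not [0] simple, e.g. SASL
        kind, secret_len = "sasl", None
    else:
        kind = "authenticated" if cred else "anonymous"
        secret_len = len(cred)                    # length only, never the value
    return {"kind": kind, "dn": name.decode("utf-8", "replace"), "secret_len": secret_len}


# Constructed sample payloads (not captured from any real system).
AUTH_BIND = (bytes.fromhex("3022020101601d020103")
             + bytes([0x04, 16]) + b"cn=app,o=example"
             + bytes([0x80, 6]) + b"s3cret")
ANON_BIND = bytes.fromhex("300c020101600702010304008000")

if __name__ == "__main__":
    for sample in (AUTH_BIND, ANON_BIND):
        print(classify_bind(sample))
```

An "authenticated" result for traffic on the non-SSL port means the password was exposed even though the DSA refused the bind, so the correction belongs on the client, which must open the connection with SSL.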