

Establish a Connection to the Certificate Database

Connecting to an LDAP user directory over SSL requires that the system point to the proper certificate database. This database must contain the cert8.db and key3.db files.

The XPSConfig tool, which is shipped with the product, enables you to specify the path to the certificate database using the LdapObjCertDbPath setting.

Follow these steps:

  1. Open a command window.
  2. Navigate to federation_install_dir.
  3. Enter XPSConfig. The command is case-sensitive on UNIX platforms.
  4. Enter SM.
  5. Enter the number for the LdapObjCertDbPath setting.
  6. Enter C to change the value.
  7. At the Enter New Value prompt, specify the path to the certificate database.

    Example:

    C:\Program Files\CA\Federation Standalone\ldaps\certdb
    
  8. Enter Q until you exit from XPSConfig.

    The new value is saved.

The correct certificate database is now in use.
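
Before entering the path in step 7, a check like the following can confirm that the directory holds the cert8.db and key3.db files this page requires. It is an added example, not part of the product or its documentation; the function names and the hint about cert9.db and key4.db (the newer NSS database file names) are assumptions of the example, and the demo directories are constructed.

```python
import os
import sys
import tempfile

REQUIRED = ("cert8.db", "key3.db")    # files the page says the database must contain
NEWER = ("cert9.db", "key4.db")       # NSS SQLite-format names; not what the page asks for


def check_certdb(path):
    """Return a list of problems with a candidate LdapObjCertDbPath value (empty = OK)."""
    if os.path.isfile(path):
        # Common slip: entering the path to cert8.db itself rather than its directory.
        return [f"{path} is a file; enter the directory that contains it"]
    if not os.path.isdir(path):
        return [f"{path} is not an existing directory"]
    problems = []
    for name in REQUIRED:
        full = os.path.join(path, name)
        if not os.path.isfile(full):
            problems.append(f"missing {name}")
        elif os.path.getsize(full) == 0:
            problems.append(f"{name} is empty")
        elif not os.access(full, os.R_OK):
            problems.append(f"{name} is not readable by this account")
    newer = [n for n in NEWER if os.path.isfile(os.path.join(path, n))]
    if problems and newer:
        problems.append("found " + ", ".join(newer) + " instead (newer database format)")
    return problems


def demo():
    """Run the check against constructed sample directories; returns {label: problems}."""
    def make(root, label, names):
        d = os.path.join(root, label)
        os.mkdir(d)
        for n in names:
            with open(os.path.join(d, n), "wb") as fh:
                fh.write(b"constructed placeholder, not a real database")
        return d
    with tempfile.TemporaryDirectory() as root:
        good = make(root, "good", REQUIRED)
        return {
            "good": check_certdb(good),
            "newer": check_certdb(make(root, "newer", NEWER)),
            "file": check_certdb(os.path.join(good, "cert8.db")),
            "absent": check_certdb(os.path.join(root, "nope")),
        }


if __name__ == "__main__":
    # Usage: python check_certdb.py <directory>; with no argument, runs the constructed demo.
    print(check_certdb(sys.argv[1]) if len(sys.argv) > 1 else demo())
```

Run it under the same account that runs the product, so that the readability check reflects what the product itself can open.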

Verify the SSL Connection to the LDAP Directory

Verify the SSL connection so that you are sure the user directory connection is secured.

Follow these steps:

  1. Log in to the Administrative UI.
  2. Select User Directory.

    The User Directories screen appears. The table lists the names of existing user directory connections.

  3. Select Action, Modify next to the name of the user directory you want to test.

    The directory settings display.

  4. Click View Contents.

    If SSL is properly configured, the Directory Contents screen appears and lists the contents of the user directory.