An LDAP directory:
The LDAP Directory Services (LDS) option makes security information directly accessible through LDAP-compliant, directory-enabled applications.
Use LDS to provide:
CA Top Secret acts as an application client that uses an LDAP Application Program Interface (API) to format and communicate a request to the LDAP server. The CA Top Secret interface establishes a connection and communicates with the LDAP server through TCP/IP. Servers enabled with Secure Sockets Layer (SSL) technology prevent unauthorized parties from viewing sensitive information during a secure session.
LDS runs in the CA Top Secret address space and requires additional CPU cycles to process the data. For example, 1,000 commands for security changes to 5 nodes result in 5,000 commands.
Administrative commands that create, modify, and delete ACIDs are valid for LDS. This includes CREATE, ADD, REPLACE, and DELETE of ACID records as well as password changes during system validation. The PERMIT and REVOKE commands are not valid for LDS and are not transmitted to LDAP servers.
Important! Use SSL if you are using LDS to propagate highly sensitive information.
To implement the CA Top Secret LDS component:
The record fields are:
This record ID contains LDAP server information, field mapping, and LDS global options.
This record ID defines the available global options. The LDS parameter indicates that the LDS interface can be used.
This record ID allows unique mapping of LDAP attributes to CA Top Secret ACID fields for each LDAP server.
NDT-defined global options override static global options, which are specified in the startup control options file.
Copyright © 2014 CA Technologies.
All rights reserved.