How do you set up ACF2 or Top Secret LDS (LDAP Directory Services) to use AT-TLS?
Release:
Component: ACF2MS, TSSMVS
You can set up an AT-TLS policy that creates an SSL/TLS pipe for the IP address and port your remote LDAP server is listening on, and then configure LDS to establish a plain ldap:// connection to that SSL port of the LDAP server. When LDS connects to LDAP, AT-TLS establishes the SSL connection (like a VPN tunnel) and then lets LDS run ldap:// over the encrypted channel. The setup is entirely in AT-TLS; LDS just runs over that tunnel.
The handshake role for the LDS LDAP connection should be set to Client. Review the IBM AT-TLS HandshakeRole documentation for more information.
To keep non-LDS LDAP client traffic from matching the AT-TLS policy, you'll probably want to restrict the rule to the local IP address that LDS uses.
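As an added example (not part of the original article), here is an AT-TLS policy fragment for the z/OS Policy Agent that puts the above together: an outbound, client-role rule limited to the local address LDS uses. The addresses 10.1.1.5 and 192.0.2.10, port 636, the keyring LDSUSER/LDSRing and the rule and action names are assumed placeholders.

```text
# Added example, not from the original article: AT-TLS policy fragment for
# the Policy Agent (PAGENT). All addresses, names and the keyring are
# assumed placeholder values.

TTLSRule                          LDS_To_LDAP
{
  # Only LDS traffic should match this rule, so restrict it to the local
  # address LDS uses. (Jobname is another TTLSRule condition that can be
  # used instead if the LDS task name is fixed.)
  LocalAddr                       10.1.1.5
  # The remote LDAP server and its SSL port (636 assumed here).
  RemoteAddr                      192.0.2.10
  RemotePortRange                 636
  # LDS opens the connection, so the rule is for outbound traffic.
  Direction                       Outbound
  Priority                        255
  TTLSGroupActionRef              grp_LDS
  TTLSEnvironmentActionRef        eAct_LDS_Client
}

TTLSGroupAction                   grp_LDS
{
  TTLSEnabled                     On
  # syslogd trace level; raise it while testing the handshake.
  Trace                           2
}

TTLSEnvironmentAction             eAct_LDS_Client
{
  # LDS initiates the connection, so AT-TLS must act as the TLS client.
  HandshakeRole                   Client
  TTLSKeyringParmsRef             keyR_LDS
  TTLSEnvironmentAdvancedParmsRef eAdv_LDS
}

TTLSKeyringParms                  keyR_LDS
{
  # AT-TLS, not LDS, validates the LDAP server's certificate, so this
  # keyring must hold the CA certificate that signed it.
  Keyring                         LDSUSER/LDSRing
}

TTLSEnvironmentAdvancedParms      eAdv_LDS
{
  # Allow only TLS 1.2 on this pipe.
  SSLv3                           Off
  TLSv1                           Off
  TLSv1.1                         Off
  TLSv1.2                         On
}
```

With this policy active, LDS is configured with a plain ldap:// URL pointing at 192.0.2.10 port 636, and AT-TLS wraps the connection in TLS before any LDAP data leaves the system.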