1.  Import the Signed Active Directory Server Certificate into the OneClick Server. 

(You can verify which keystore OneClick is using for the purposes of LDAP Configuration by viewing the SPECROOT\tomcat\bin\OneClickService.conf file



IMPORTANT:   Before saving any LDAP\LDAPS Configuration settings ensure you have an account that is a Spectrum SuperUser and you have validated the internal Spectrum password for this account.    This account type will bypass LDAP authentication if the LDAP server is unavailable.

Once the LDAPS settings have been configured test the connection before saving it:



If the connection returns successful you can save the configuration:



Steps to Enable LDAPS:

1.  Change LDAP Configuration with the host name and port (the well defined port is 636) for LDAPS and enable SSL.  When using SSL you cannot specify an IP Address.

 

NOTE: If using enabled SSL for LDAP and test connection fails after importing the certificate, it is possible the port is other than 636. Check with your LDAP/AD team to verify the correct SSL port number. 

2.  Add the LDAP Signed Certificate to the OneClick Keystore.    (This can be done via the OneClick UI, Keytool.exe or an SSL management tool such as Portecle)