This technical document guides the user through the process of using LDAPSearch to connect to the directory over SSL.
To connect to the directory over SSL, the LDAPSearch utility needs to trust the same RootCA certificate that signed the CA Directory DSA certificates.
How to set up this trust and run LDAPSearch over SSL is documented below.
Configure LDAPSearch to trust the RootCA
This step assumes that the RootCA certificate (in PEM format) that signed the DSA certificates is located in the file "C:\Program Files\CA\Directory\dxserver\config\ssld\trusted.pem".

TLS_CACERT "C:\Program Files\CA\Directory\dxserver\config\ssld\trusted.pem"
#TLS_REQCERT never

The TLS_CACERT parameter should point to the rootCA certificate file that is trusted by the DSA. The TLS_REQCERT never line is commented out; in an OpenLDAP client configuration that setting turns off verification of the server certificate.
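A pre-flight check for the configuration above, as an added example (not the original page's or the vendor's code): it parses the client configuration, confirms that TLS_CACERT names a readable PEM file, and flags an active TLS_REQCERT never or allow, under which a bad server certificate does not stop the session. The function names, the sample file names and the stripping of the surrounding double quotes are assumptions.

```python
import tempfile
from pathlib import Path

# TLS_REQCERT levels under which a bad server certificate does not stop the session
WEAK_REQCERT = {"never", "allow"}

def parse_conf(text):
    """Return {OPTION: value} for active lines; lines starting with '#' are comments."""
    opts = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        value = parts[1].strip() if len(parts) > 1 else ""
        # Assumption: surrounding double quotes (as written on this page) are not part of the path
        if len(value) >= 2 and value[0] == value[-1] == '"':
            value = value[1:-1]
        opts[parts[0].upper()] = value  # option names are case-insensitive
    return opts

def audit(text):
    """Return a list of findings; an empty list means the trust settings look sane."""
    opts, findings = parse_conf(text), []
    ca = opts.get("TLS_CACERT")
    if not ca:
        findings.append("TLS_CACERT is not set: no root CA is trusted")
    elif not Path(ca).is_file():
        findings.append(f"TLS_CACERT file not found: {ca}")
    elif "-----BEGIN CERTIFICATE-----" not in Path(ca).read_text(errors="replace"):
        findings.append(f"TLS_CACERT file holds no PEM certificate: {ca}")
    req = opts.get("TLS_REQCERT", "").lower()
    if req in WEAK_REQCERT:
        findings.append(f"TLS_REQCERT {req}: server certificate is not enforced")
    return findings

def sample_conf(pem_path, reqcert_line="#TLS_REQCERT never"):
    """Constructed configuration text in the shape shown on this page."""
    return f'TLS_CACERT "{pem_path}"\n{reqcert_line}\n'

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        pem = Path(d) / "trusted root.pem"  # space in the name, like "Program Files"
        # Constructed placeholder, not a real certificate
        pem.write_text("-----BEGIN CERTIFICATE-----\n(placeholder)\n-----END CERTIFICATE-----\n")
        print(audit(sample_conf(pem)))                       # page's settings as written
        print(audit(sample_conf(pem, "TLS_REQCERT never")))  # verification switched off
        print(audit(sample_conf(Path(d) / "missing.pem")))   # wrong path to the root CA
```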
Executing LDAPSearch with the SSL flag
The server is using the following certificate:
    Subject DN: CN=democorp, O=democorp, C=AU
    Issuer DN: CN=DXCertGenCA, O=DXCertGenPKI, C=AU
    Validity: Mon Sep 27 09:11:19 EST 2010 through Thu Sep 24 09:11:19 EST 2020
Do you wish to trust this certificate and continue connecting to the server?
Please enter "yes" or "no":yes

Then the search will be submitted and the search results displayed.

dn: cn=<User Name>,ou=Corporate,o=democorp,c=AU
cn: <User Name>
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: top
sn: <Last Name>
userPassword: <EncryptedPassword>