How to configure Spectrum to authenticate with Secure LDAP (LDAPS)
search cancel

How to configure Spectrum to authenticate with Secure LDAP (LDAPS)


Article ID: 189496


Updated On:


CA Spectrum DX NetOps


How to configure Spectrum to authenticate with Secure LDAP (LADPS)


Release : 10.3.x, 10.4.x

Component : SPCOCK: Spectrum OneClick


1.  Import the Signed Active Directory Server Certificate into the OneClick Server. 

(You can verify which keystore OneClick is using for the purposes of LDAP Configuration by viewing the SPECROOT\tomcat\bin\OneClickService.conf file

IMPORTANT:   Before saving any LDAP\LDAPS Configuration settings ensure you have an account that is a Spectrum SuperUser and you have validated the internal Spectrum password for this account.    This account type will bypass LDAP authentication if the LDAP server is unavailable.

Once the LDAPS settings have been configured test the connection before saving it:

If the connection returns successful you can save the configuration:

Steps to Enable LDAPS:

1.  Change LDAP Configuration with the host name and port (the well defined port is 636) for LDAPS and enable SSL.  When using SSL you cannot specify an IP Address.
NOTEIf using enabled SSL for LDAP and test connection fails after importing the certificate, it is possible the port is other than 636. Check with your LDAP/AD team to verify the correct SSL port number. 

2.  Add the LDAP Signed Certificate to the OneClick Keystore.    (This can be done via the OneClick UI, Keytool.exe or an SSL management tool such as Portecle)

Additional Information

Example Keytool Command to import the LDAP certificate:

./keytool -import -alias ldaps -keystore $SPECROOT/custom/keystore/cacerts -trustcacerts -file certificate_filename

LDAP transmits communications in Clear Text, and LDAPS communication is encrypted and secure.

Lightweight Directory Access Protocol

Implementing LDAPS (LDAP over SSL)