Siebel Security Guide > Security Adapter Authentication > Process of Installing and Configuring LDAP Client Software >

Considerations for Secure LDAP Using SSL

This topic provides information on using LDAP authentication with SSL. The IBM LDAP Client requires that IBM GSKit be installed, if SSL must be supported. The LDAP libraries and utilities provided with the LDAP Client use the SSL libraries, if present. The SSL libraries are provided with IBM GSKit.

This task is a step in Process of Installing and Configuring LDAP Client Software.

NOTE:  When you use the LDAP security adapter to authenticate users against Active Directory, you must configure SSL between the LDAP security adapter and Active Directory if you want to manage user passwords or create new users in the Active Directory.

• If IBM GSKit has been installed, the LDAP libraries dynamically load the SSL libraries and use them to enable support for SSL, when SSL is configured.
• If IBM GSKit has not been installed and the SSL libraries are not available, the LDAP library is fully functional, with the exception of SSL support.

By using SSL with server authentication, an LDAP application can use simple LDAP authentication (user ID and password) over a secure, encrypted communication connection. SSL provides for the establishment of a secure connection between the LDAP client application and the LDAP server. In addition, SSL provides data confidentiality (encryption) on connections protected by SSL. Authentication of servers to clients is accomplished with X.509 certificates.

These installation instructions assume that SSL capability is, or will be, required for Siebel LDAP authentication. Therefore, the LDAP client installation process includes IBM GSKit installation as an integral part. If you are absolutely sure that SSL will never be turned on for Siebel LDAP authentication, you do not have to install IBM GSKit.