Exit Print View

Sun OpenDS Standard Edition 2.2 Administration Guide

Get PDF Book Print View
 

Document Information

Before You Start

Starting and Stopping Your Server Instance

Configuring the Server Instance

Configuring the Proxy Components

Configuring Security Between Clients and Servers

Getting SSL Up and Running Quickly

To Accept SSL-Based Connections Using a Self-Signed Certificate

Configuring Key Manager Providers

Key Manager Provider Overview

Using the JKS Key Manager Provider

To Generate the Private Key

To Self-Sign the Certificate

To Sign the Certificate by Using an External Certificate Authority

To Configure the JKS Key Manager Provider

Using the PKCS #12 Key Manager Provider

Using the PKCS #11 Key Manager Provider

Configuring Trust Manager Providers

Overview of Certificate Trust Mechanisms

Using the Blind Trust Manager Provider

Using the JKS Trust Manager Provider

Using the PKCS #12 Trust Manager Provider

Configuring Certificate Mappers

Using the Subject Equals DN Certificate Mapper

Using the Subject Attribute to User Attribute Certificate Mapper

Using the Subject DN to User Attribute Certificate Mapper

Using the Fingerprint Certificate Mapper

Configuring SSL and StartTLS for LDAP and JMX

Configuring the LDAP and LDAPS Connection Handlers

To Enable a Connection Handler

To Specify a Connection Handler's Listening Port

To Specify a Connection Handler's Authorization Policy

To Specify a Nickname for a Connection Handler's Certificate

To Specify a Connection Handler's Key Manager Provider

To Specify a Connection Handler's Trust Manager Provider

To Enable StartTLS Support

To Enable SSL-Based Communication

Enabling SSL in the JMX Connection Handler

Using SASL Authentication

Supported SASL Mechanisms

Authorization IDs

SASL Options for the ANONYMOUS Mechanism

SASL Options for the CRAM-MD5 Mechanism

SASL Options for the DIGEST-MD5 Mechanism

SASL Options for the EXTERNAL Mechanism

SASL Options for the GSSAPI Mechanism

SASL Options for the PLAIN Mechanism

Configuring SASL Authentication

Configuring SASL External Authentication

Configuring SASL DIGEST-MD5 Authentication

Configuring SASL GSSAPI Authentication

Configuring Kerberos and the Sun OpenDS Standard Edition Directory Server for GSSAPI SASL Authentication

To Configure Kerberos V5 on a Host

To Specify SASL Options for Kerberos Authentication

Example Configuration of Kerberos Authentication Using GSSAPI With SASL

Troubleshooting Kerberos Configuration

Testing SSL, StartTLS, and SASL Authentication With ldapsearch

ldapsearch Command Line Arguments Applicable To Security

Testing SSL

Testing StartTLS

Testing SASL External Authentication

Controlling Connection Access using Allowed and Denied Rules

Configuration

Configuring Security Between the Proxy and the Data Source

Configuring Servers With the Control Panel

Managing Directory Data

Replicating Directory Data

Controlling Access To Data

Managing Users and Groups

Monitoring Sun OpenDS Standard Edition

Improving Performance

Advanced Administration

Configuring Security Between Clients and Servers

Sun OpenDS Standard Edition provides several mechanisms to secure traffic between the client and the server. The topics in this section describe these mechanisms, and how to configure them.

For information about securing access to directory data, see Controlling Access To Data.

For information about configuring security between the Sun OpenDS Standard Edition proxy and the directory server or data source, see Configuring Security Between the Proxy and the Data Source.

This section covers the following topics: