Working With Oracle® Solaris 11.2 Directory and Naming Services: LDAP

Updated: July 2014

Transport Layer Security

You can use Transport Layer Security (TLS) to secure communication between an LDAP client and the directory server, ensuring both privacy and data integrity. The TLS protocol is a superset of the Secure Sockets Layer (SSL) protocol. The LDAP naming service supports TLS connections. However, using SSL adds processing load to both the directory server and the client.

The following is a list of requirements to use TLS:

  • Configuration of the directory server and LDAP clients for SSL.

    To configure Oracle Directory Server Enterprise Edition for SSL, see the Administration Guide for the version of Oracle Directory Server Enterprise Edition that you are using.

  • Installation of the necessary security databases, specifically the certificate and key database files.

    • If you use an older database format from Netscape Communicator, install cert7.db and key3.db.

    • If you use a new database format from Mozilla, install cert8.db, key3.db, and secmod.db.

    The cert* files contain trusted certificates. The key3.db file contains the client's keys. You must install the key3.db file even if the LDAP naming service client does not use client keys. The secmod.db file contains the security modules such as the PKCS#11 module.
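The database requirements above can be verified before TLS is enabled. The following shell function is an added example and is not part of this guide or of the Solaris LDAP client; it takes the client's certificate directory as an argument (this page does not state where the client keeps its databases, so the location is an assumption) and checks that either the older Netscape set (cert7.db and key3.db) or the Mozilla set (cert8.db, key3.db and secmod.db) is complete, treating key3.db as mandatory in both cases as the text requires.

```shell
# Prerequisite check for the NSS security databases an LDAP client needs
# before TLS can be enabled (added example, not from the Oracle guide).
# Usage: check_ldap_tls_dbs <certificate-directory>
# Returns 0 when a complete database set is present, 1 otherwise, and
# prints which format was found. The directory is passed in because the
# guide does not state where the client's databases live (an assumption).
check_ldap_tls_dbs() {
    dir="$1"
    if [ ! -d "$dir" ]; then
        echo "ERROR: certificate directory '$dir' does not exist" >&2
        return 1
    fi
    # key3.db is required in both formats, even when no client keys are used.
    if [ ! -f "$dir/key3.db" ]; then
        echo "ERROR: $dir/key3.db missing (required even without client keys)" >&2
        return 1
    fi
    if [ -f "$dir/cert8.db" ]; then
        # The Mozilla format also needs the security module database
        # (secmod.db holds the PKCS#11 module configuration).
        if [ ! -f "$dir/secmod.db" ]; then
            echo "ERROR: cert8.db found but secmod.db is missing in $dir" >&2
            return 1
        fi
        echo "OK: cert8.db + key3.db + secmod.db (Mozilla format) in $dir"
        return 0
    fi
    if [ -f "$dir/cert7.db" ]; then
        echo "OK: cert7.db + key3.db (Netscape Communicator format) in $dir"
        return 0
    fi
    echo "ERROR: no trusted-certificate database (cert7.db or cert8.db) in $dir" >&2
    return 1
}
```

Run it against the directory the client is configured to use; a non-zero exit means TLS setup will fail until the missing file is installed.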

To set up TLS security, see Setting Up TLS Security.