Sun Directory Services 3.1 Administration Guide

Configuring Security

You can configure the security level you require for your directory server by setting the administrator's name and password, defining the encryption method for all passwords stored in the directory, and specifying the security mode for your server.

Specifying the Administrator Name and Password

You can change the name and password of the administrator user at any time.

  1. From the Admin Console main window, in the Security section, specify the name and password for the directory administrator.

    The administrator name and password are stored in the configuration file dsserv.conf, so that the administrator always has access to the directory. This is necessary so that, for example, the administrator can repair problems with access control that would otherwise lock everyone out.

    By default, the administrator's password is encrypted using the default encryption method. If you want the password to be stored unencrypted, choose None from the Encryption method menu.

  2. Click Apply to save your changes.

Specifying the Encryption Method

The encryption method you specify is used to encrypt the userPassword attribute that you can store in directory entries. There are two encryption methods, sunds and crypt; choosing None stores the attribute unencrypted. To specify the method:

  1. From the Admin Console main window, in the Security section, select the Encryption method for passwords from the menu button.

    The possible choices are: None, sunds, crypt.

  2. Click Apply to save your changes.
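    A practical follow-up to this choice is to check what actually ends up in the directory. The following Python script is an added example, not part of the guide or of the Sun Directory Services product: it reads an LDIF export, decodes both LDIF value forms (plain and base64 "::"), and reports the storage scheme of every userPassword value. The sample LDIF is constructed; the {CRYPT} prefix follows the RFC 2307 userPassword convention, and it is an assumption that Sun DS 3.1 writes that exact prefix for its crypt method. Anything without a {scheme} prefix is reported as cleartext, which is what the None method produces.

```python
import base64
from collections import Counter

# Constructed sample of an LDIF export (not from the page). The {CRYPT} prefix
# is the RFC 2307 convention; whether Sun DS 3.1 writes exactly this prefix for
# its "crypt" method is an assumption.
SAMPLE_LDIF = """\
dn: uid=alice,ou=People,dc=example,dc=com
objectClass: person
uid: alice
userPassword: {CRYPT}abJnggxhB/yWI

dn: uid=bob,ou=People,dc=example,dc=com
objectClass: person
uid: bob
userPassword:: c2VjcmV0

dn: uid=carol,ou=People,dc=example,dc=com
objectClass: person
uid: carol
description: folded line example
 continues here
userPassword: hunter2
"""

# Scheme prefixes the auditor recognises (RFC 2307 style). A value without a
# {scheme} prefix is treated as cleartext, i.e. the "None" encryption method.
KNOWN_SCHEMES = {"CRYPT", "SHA", "SSHA", "MD5", "SMD5"}


def parse_ldif(text):
    """Return a list of (dn, [(attribute, value_bytes), ...]) records.

    Handles "attr: text", "attr:: base64" and folded continuation lines
    (a line starting with a single space is appended to the previous line).
    """
    records, lines = [], []
    for raw in text.splitlines() + [""]:       # sentinel blank line flushes the last record
        if raw.startswith(" ") and lines:       # continuation of the previous line
            lines[-1] += raw[1:]
        elif raw == "":
            if lines:
                records.append(_decode_record(lines))
                lines = []
        else:
            lines.append(raw)
    return records


def _decode_record(lines):
    dn, attrs = None, []
    for line in lines:
        name, _, rest = line.partition(":")
        if rest.startswith(":"):                # "attr:: <base64>"
            value = base64.b64decode(rest[1:].strip())
        else:                                   # "attr: <text>"
            value = rest.strip().encode("utf-8")
        if name.lower() == "dn":
            dn = value.decode("utf-8")
        else:
            attrs.append((name, value))
    return dn, attrs


def classify_password(value: bytes) -> str:
    """Name the storage scheme of one userPassword value, or CLEARTEXT."""
    if value.startswith(b"{") and b"}" in value:
        scheme = value[1:value.index(b"}")].decode("ascii", "replace").upper()
        return scheme if scheme in KNOWN_SCHEMES else "UNKNOWN(" + scheme + ")"
    return "CLEARTEXT"


def audit_passwords(ldif_text):
    """Map each DN that carries userPassword to its scheme classification."""
    findings = {}
    for dn, attrs in parse_ldif(ldif_text):
        for name, value in attrs:
            if name.lower() == "userpassword":
                findings[dn] = classify_password(value)
    return findings


def summary(findings):
    """Count entries per scheme, e.g. {'CRYPT': 1, 'CLEARTEXT': 2}."""
    return dict(Counter(findings.values()))


if __name__ == "__main__":
    found = audit_passwords(SAMPLE_LDIF)
    for dn, scheme in found.items():
        print(f"{scheme:10} {dn}")
    print(summary(found))
```

    Note that bob's password is reported as cleartext even though the export shows it base64-encoded: the "::" form is LDIF transport encoding, not protection, and decoding it is exactly what an attacker with the export would do.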

Specifying the Security Mode

You can specify a security mode that guarantees that authentication takes place between the server and the client during the bind process, or that the entire communication between the server and the client is encrypted. You can also allow insecure binding. These options are not mutually exclusive. The security mode used for a particular connection is actually negotiated between the client and the server.

  1. From the Admin Console main window, in the Security section, specify the Security modes supported by the server.

    The options are:

    • Insecure

    • TLS: establishes a secure connection at any time during an LDAP session by calling the Start TLS extended operation

    • SSL on Specific Port: opens a secure connection on the specified port (by default, port 636)

    You can enable several options.

  2. Specify the following parameters:

    If you have selected TLS or SSL on Specific Port:

    • The SSL key package (usually the IP address of the host)

    • Whether you want the server to authenticate clients: set the SSL Client Verification flag to On

    If you have selected SSL on Specific Port:

    • A port number to use for SSL connections

  3. Click Apply to save your changes.

    Note -

    Due to legal restrictions in certain countries, SSL is not available worldwide.
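    The TLS option above relies on the client asking for the upgrade with the Start TLS extended operation on an already-open LDAP connection, and on the server answering with an extended response whose result code decides whether the connection may be wrapped in TLS. The following Python code is an added example, not part of the guide or of the Sun Directory Services product: it builds the Start TLS ExtendedRequest byte for byte (BER, LDAPv3 as in RFC 2830 / RFC 4511, OID 1.3.6.1.4.1.1466.20037), builds and parses the matching ExtendedResponse, and returns whether the upgrade was accepted. The two server responses it decodes are constructed for the example; no network traffic is involved.

```python
# Start TLS extended operation OID (RFC 2830 / RFC 4511).
STARTTLS_OID = "1.3.6.1.4.1.1466.20037"

# LDAP resultCode values used below (RFC 4511); any non-zero code means the
# server refused the TLS upgrade.
RESULT_SUCCESS = 0
RESULT_PROTOCOL_ERROR = 2


def _ber(tag: int, body: bytes) -> bytes:
    """Tag-length-value with BER definite length (short and long forms)."""
    n = len(body)
    if n < 0x80:
        length = bytes([n])
    else:
        lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(lb)]) + lb
    return bytes([tag]) + length + body


def _read_tlv(buf: bytes, pos: int):
    """Return (tag, value, next_pos) for the TLV starting at pos."""
    tag = buf[pos]
    length = buf[pos + 1]
    pos += 2
    if length & 0x80:                       # long form: next (length & 0x7f) bytes hold the length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def start_tls_request(message_id: int = 1) -> bytes:
    """LDAPMessage { messageID, ExtendedRequest [APPLICATION 23] { requestName [0] LDAPOID } }.

    [APPLICATION 23] constructed = 0x77; requestName [0] primitive = 0x80.
    The OID travels as its dotted-decimal text (LDAPOID is an OCTET STRING).
    """
    if not 0 < message_id < 0x80:
        raise ValueError("example supports single-byte message IDs only")
    ext = _ber(0x77, _ber(0x80, STARTTLS_OID.encode("ascii")))
    return _ber(0x30, _ber(0x02, bytes([message_id])) + ext)


def build_extended_response(message_id: int, result_code: int,
                            diagnostic: str = "", response_name=None) -> bytes:
    """Server side: ExtendedResponse [APPLICATION 24] = 0x78 wrapping an LDAPResult.

    LDAPResult = resultCode ENUMERATED (0x0a), matchedDN, diagnosticMessage;
    responseName [10] primitive = 0x8a is optional.
    """
    body = (_ber(0x0A, bytes([result_code]))
            + _ber(0x04, b"")                         # matchedDN: empty
            + _ber(0x04, diagnostic.encode("utf-8")))
    if response_name is not None:
        body += _ber(0x8A, response_name.encode("ascii"))
    return _ber(0x30, _ber(0x02, bytes([message_id])) + _ber(0x78, body))


def parse_extended_response(msg: bytes) -> dict:
    """Decode an ExtendedResponse into its fields; raises on a wrong message type."""
    tag, body, _ = _read_tlv(msg, 0)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    tag, mid, pos = _read_tlv(body, 0)
    tag, resp, _ = _read_tlv(body, pos)
    if tag != 0x78:
        raise ValueError("not an ExtendedResponse")
    _, rc, pos = _read_tlv(resp, 0)
    _, matched, pos = _read_tlv(resp, pos)
    _, diag, pos = _read_tlv(resp, pos)
    result = {
        "message_id": int.from_bytes(mid, "big"),
        "result_code": int.from_bytes(rc, "big"),
        "matched_dn": matched.decode("utf-8"),
        "diagnostic": diag.decode("utf-8"),
        "response_name": None,
    }
    while pos < len(resp):                  # optional trailing fields
        tag, value, pos = _read_tlv(resp, pos)
        if tag == 0x8A:
            result["response_name"] = value.decode("ascii")
    return result


def tls_upgrade_allowed(response: bytes) -> bool:
    """True only when the server answered resultCode success for Start TLS."""
    parsed = parse_extended_response(response)
    return parsed["result_code"] == RESULT_SUCCESS


if __name__ == "__main__":
    print("client -> server:", start_tls_request(1).hex())
    ok = build_extended_response(1, RESULT_SUCCESS, response_name=STARTTLS_OID)
    refused = build_extended_response(1, RESULT_PROTOCOL_ERROR, "Start TLS not supported")
    print("accepted:", tls_upgrade_allowed(ok), "refused:", tls_upgrade_allowed(refused))
```

    Only after tls_upgrade_allowed() returns True may the client hand the socket to its TLS library (in Python, ssl.SSLContext.wrap_socket with certificate verification enabled); a client that proceeds in the clear after a refusal is exactly the downgrade that enabling only the Insecure mode permits, so clients should treat any non-zero result code as a failure rather than fall back.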