Skip Navigation Links | |
Exit Print View | |
Oracle Directory Server Enterprise Edition Administration Guide 11g Release 1 (11.1.1.5.0) |
Part I Directory Server Administration
2. Directory Server Instances and Suffixes
3. Directory Server Configuration
Using SSL With Directory Server
To View the Default Self-Signed Certificate
To Manage Self-Signed Certificates
To Request a CA-Signed Server Certificate
To Add the CA-Signed Server Certificate and the Trusted CA Certificate
To Renew an Expired CA-Signed Server Certificate
To Export and Import a CA-Signed Server Certificate
Configuring the Certificate Database Password
To Configure the Server So the User is Prompted for a Certificate Password
Backing Up and Restoring the Certificate Database for Directory Server
Disabling Non Secure Communication
To Disable the LDAP Clear Port
To Choose an Encryption Cipher
Configuring Credential Levels and Authentication Methods
Setting SASL Encryption Levels in Directory Server
SASL Authentication Through DIGEST-MD5
To Configure the DIGEST-MD5 Mechanism
SASL Authentication Through GSSAPI
To Configure the Kerberos System
To Configure the GSSAPI Mechanism
Configuring LDAP Clients to Use Security
Using SASL DIGEST-MD5 in Clients
Specifying Environment Variables
Examples of the ldapsearch Command
Using Kerberos SASL GSSAPI in Clients
To Configure Kerberos V5 on a Host
To Specify SASL Options for Kerberos Authentication
Example Configuration of Kerberos Authentication Using GSSAPI With SASL
Configuring PTA to Use a Secure Connection
Setting the Optional Connection Parameters
Specifying Multiple Servers and Subtrees
6. Directory Server Access Control
7. Directory Server Password Policy
8. Directory Server Backup and Restore
9. Directory Server Groups, Roles, and CoS
10. Directory Server Replication
13. Directory Server Attribute Value Uniqueness
15. Directory Server Monitoring
Part II Directory Proxy Server Administration
16. Directory Proxy Server Tools
17. Directory Proxy Server Instances
19. Directory Proxy Server Certificates
20. Directory Proxy Server Load Balancing and Client Affinity
21. Directory Proxy Server Distribution
22. Directory Proxy Server Virtualization
23. Virtual Data Transformations
24. Connections Between Directory Proxy Server and Back-End LDAP Servers
25. Connections Between Clients and Directory Proxy Server
26. Directory Proxy Server Client Authentication
27. Directory Proxy Server Logging
28. Directory Proxy Server Monitoring and Alerts
Part III Directory Service Control Center Administration
Directory Server supports several mechanisms that provide secure and trusted communications over the network. LDAPS is the standard LDAP protocol that runs on top of the Secure Sockets Layer (SSL). LDAPS encrypts data and optionally uses certificates for authentication. When the term SSL is used in this chapter, it means the supported protocols SSL2, SSL3 and TLS 1.0.
Directory Server also supports the Start Transport Layer Security (Start TLS) extended operation to enable TLS on an LDAP connection that was originally not encrypted.
In addition, Directory Server supports the Generic Security Service API (GSSAPI) over the Simple Authentication and Security Layer (SASL). The GSSAPI allows you to use the Kerberos Version 5 security protocol on the Solaris and Linux operating systems. An identity mapping mechanism then associates the Kerberos principal with an identity in the directory.
For additional security information, see the NSS web site at http://www.mozilla.org/projects/security/pki/nss/.
This chapter provides procedures for configuring security through SSL. For information about ACIs, see Chapter 6, Directory Server Access Control. For information about user access and passwords, see Chapter 7, Directory Server Password Policy.
This chapter covers the following topics: