
Working With Oracle® Solaris 11.3 Directory and Naming Services: LDAP


Updated: September 2018

Setting Up TLS Security

If you are using Transport Layer Security (TLS), you must install the necessary PEM certificate files before using the ldapclient command. In particular, the self-signed server certificate and CA certificate files that are used to validate the LDAP server, and possibly client access to the server, are required. For example, if you have the PEM CA certificate certdb.pem, you must ensure that this file is added to the certificate path and is readable there.

Note -  The PEM certificate files must be readable by everyone. Do not encrypt or limit read permissions on these files. Otherwise, commands such as ldaplist fail to function.

For information about how to create and manage PEM format certificates, see Directory Server Security. After configuration, PEM certificate files must be stored in the location expected by the LDAP naming service client. The certificatePath attribute determines this location, which by default is /var/ldap.
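
A pre-flight check for the requirements above, written as an added example and not taken from the Oracle documentation or tooling. The function names and status strings are hypothetical, the search for the string ENCRYPTED is a heuristic for passphrase-protected PEM content, and /var/ldap is used only because the page names it as the default certificatePath.

```shell
#!/bin/sh
# Added example: audit the PEM files an LDAP client will read for TLS.
# Each file must exist, be readable by everyone, be unencrypted, and
# contain a PEM certificate block.

# check_pem_file FILE: prints one status line; returns 0 only if usable.
check_pem_file() {
    f=$1
    if [ ! -f "$f" ]; then
        echo "MISSING $f"; return 1
    fi
    # -perm -004 matches only when the "other" read bit is set.
    if [ -z "$(find "$f" -perm -004 -print)" ]; then
        echo "NOT-WORLD-READABLE $f"; return 1
    fi
    # Heuristic: encrypted PEM blocks carry the word ENCRYPTED in a
    # header line (for example "Proc-Type: 4,ENCRYPTED").
    if grep 'ENCRYPTED' "$f" >/dev/null 2>&1; then
        echo "ENCRYPTED $f"; return 1
    fi
    if ! grep '^-----BEGIN CERTIFICATE-----' "$f" >/dev/null 2>&1; then
        echo "NOT-PEM-CERT $f"; return 1
    fi
    echo "OK $f"; return 0
}

# check_cert_path [DIR]: checks every *.pem file in DIR (default /var/ldap).
# Returns non-zero if any file fails or if no PEM file is present.
check_cert_path() {
    dir=${1:-/var/ldap}
    rc=0
    found=0
    for f in "$dir"/*.pem; do
        [ -e "$f" ] || continue
        found=1
        check_pem_file "$f" || rc=1
    done
    if [ "$found" -eq 0 ]; then
        echo "NO-PEM-FILES $dir"; return 1
    fi
    return $rc
}
```

Source the file and run `check_cert_path` (or `check_cert_path /some/other/dir` if certificatePath was changed) before running ldapclient; any line other than `OK` identifies a file that commands such as ldaplist would not be able to use.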