Authenticating against LDAP over TLS/SSL

To have Big Data Discovery Studio authenticate users against LDAP over TLS/SSL, export a certificate from your LDAP server and copy it to the cacerts keystore on the machine running Studio.

If your root Certificate Authority cert is issued internally by the company or if you have configured a self-signed certificate for your LDAP server, follow the steps below to export and copy it to the Java trust store on the machine running BDD Studio. If you are using a well-known commercial SSL CA certificate, it should already be present in the server's trust store and no further configuration is required.

To configure LDAP over TLS/SSL:

  1. On your LDAP server, export the Root Certificate Authority certificate to DER encoded binary X.509 .cer file format.
  2. Copy the exported .cer file to the $BDD_HOME/common/security/cacerts directory on the machine running BDD Studio.
  3. Import the certificate to the cacerts keystore: 
    $JAVA_HOME/jre/bin/keytool -import -trustcacerts -keystore $BDD_HOME/common/security/cacerts -storepass <password> -noprompt -<alias> MyRootCA -file <keystore_filepath>
    Where:
    • <password> is the cacerts password. By default this is changeit.
    • <alias> is the certificate's alias.
    • <keystore_filepath> is the absolute path to the .cer file you copied over in Step 2.
  4. Test your changes.