Considerations if Using LDAP Authentication with TLS

This topic provides information on using LDAP authentication with TLS. The Oracle LDAP Client requires that Oracle Wallet Manager is installed if TLS must be supported. The LDAP libraries and utilities provided with the Oracle LDAP Client use the TLS libraries provided with Oracle Wallet Manager.

This task is a step in Installing and Configuring Oracle LDAP Client Software.

• If Oracle Wallet Manager is installed, then the LDAP libraries dynamically load the TLS libraries and use them to enable TLS, when TLS is configured.

• If Oracle Wallet Manager is not installed and the TLS libraries are not available, then the LDAP library is fully functional, with the exception of TLS support.

By using TLS with server authentication, an LDAP application can use simple LDAP authentication (user ID and password) over an encrypted communication connection between the LDAP client application and the LDAP server. In addition, TLS provides data confidentiality (encryption) on connections protected by TLS. Authentication of servers to clients is accomplished with X.509 certificates.

It is assumed that TLS capability is, or will be, required for Siebel LDAP authentication. Therefore, the LDAP client installation process includes Oracle Wallet Manager installation as an integral part. If you are absolutely sure that TLS will never be turned on for Siebel LDAP authentication, then you do not have to install Oracle Wallet Manager.