User authentication for Lightweight Directory Access Protocol (LDAP) now supports the Secure Sockets Layer/Transport Layer Security (SSL/TLS) protocol, as described in the Adaptive Server 15.0.2 New Features Guide, for Solaris 32-bit, 64-bit, Linux AMD 64, and Linux 32-bit on Intel platforms. This feature provides secure data transmission between Adaptive Server and an LDAP server, and is called LDAPS.
LDAPS secures data transmitted between Adaptive Server and LDAPS servers.
Make sure that all trusted root certificates are located in the same file.
After you define the trusted servers, Adaptive Server configures a secure connection. In the paths below, servername is the name of the current Adaptive Server. If you:
Have defined $SYBASE_CERTDIR, Adaptive Server loads certificates from $SYBASE_CERTDIR/servername.txt (for UNIX) or %SYBASE_CERTDIR%\servername.txt (for Windows).
Have not defined $SYBASE_CERTDIR, Adaptive Server loads certificates from $SYBASE/$SYBASE_ASE/certificates/servername.txt (for UNIX) or %SYBASE%\%SYBASE_ASE%\certificates\servername.txt (for Windows).
Restart Adaptive Server to change the trusted root certificate file.
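The following shell sketch is an added example, not part of the original guide or Sybase code. It resolves the UNIX trusted root file by the rule above and checks that the file holds complete certificates before you restart. It assumes the file is PEM-encoded; the function names and the ASE_DEMO server name are hypothetical.

```sh
#!/bin/sh
# Added example, not Sybase code; function names are hypothetical.

# Print the trusted root file Adaptive Server loads for server $1 (UNIX paths).
trusted_roots_path() {
    if [ -n "${SYBASE_CERTDIR:-}" ]; then
        printf '%s\n' "$SYBASE_CERTDIR/$1.txt"
    elif [ -n "${SYBASE:-}" ] && [ -n "${SYBASE_ASE:-}" ]; then
        printf '%s\n' "$SYBASE/$SYBASE_ASE/certificates/$1.txt"
    else
        echo "set SYBASE_CERTDIR, or SYBASE and SYBASE_ASE" >&2
        return 1
    fi
}

# Print how many certificates file $1 holds (assumption: PEM encoding).
# Fails if the file is unreadable, holds no certificate, or a block is cut off.
count_root_certs() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 1; }
    begins=$(grep -c -e '^-----BEGIN CERTIFICATE-----' "$1" || true)
    ends=$(grep -c -e '^-----END CERTIFICATE-----' "$1" || true)
    if [ "$begins" -eq 0 ] || [ "$begins" -ne "$ends" ]; then
        echo "$1: $begins BEGIN and $ends END certificate markers" >&2
        return 1
    fi
    printf '%s\n' "$begins"
}

# Resolve and check the file for server $1.
check_trusted_roots() {
    roots_file=$(trusted_roots_path "$1") || return 1
    n=$(count_root_certs "$roots_file") || return 1
    printf '%s: %s root certificate(s)\n' "$roots_file" "$n"
}

# Demo on a constructed file (placeholder bodies, not real certificates).
demo() (
    dir=$(mktemp -d) || exit 1
    SYBASE_CERTDIR=$dir
    for ca in ROOT_CA_ONE ROOT_CA_TWO; do
        printf '%s\n' '-----BEGIN CERTIFICATE-----' "$ca" '-----END CERTIFICATE-----'
    done > "$dir/ASE_DEMO.txt"
    check_trusted_roots ASE_DEMO; status=$?
    rm -rf "$dir"
    exit "$status"
)
demo
```

The check is structural only: it confirms where the file is and that its certificate blocks are complete, not that the certificates are valid or unexpired.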
Use sp_ldapadmin, specifying ldaps:// URLs instead of ldap:// URLs, to establish a secure connection to a secure port of the LDAPS server.
Establish a TLS session over a plain TCP connection:
sp_ldapadmin 'starttls_on_primary', {true | false}
or
sp_ldapadmin 'starttls_on_secondary', {true | false}
LDAPS connections do not have a connect timeout option; if the LDAP server stops responding, all login connections also stop responding.