How do you setup ACF2 LDS to use AT-TLS?

Document ID : KB000014141
Last Modified Date : 14/02/2018

Define an AT-TLS policy rule that covers the IP address and TLS port of the remote LDAP server (conventionally port 636), then configure LDS with a plain ldap:// URL that points at that TLS port rather than an ldaps:// URL. When LDS opens the connection, the z/OS TCP/IP stack performs the TLS handshake on its behalf and then carries the clear LDAP protocol that LDS sends inside the TLS session, much like a per-connection tunnel. LDS itself is unaware of the encryption: the whole setup lives in the AT-TLS policy, and LDS simply runs over that protected connection. Because AT-TLS negotiates TLS before any application data is exchanged, the target port must be one on which the LDAP server expects TLS from the start of the connection; the LDAP StartTLS extension on the clear-text port cannot be used this way.

The HandshakeRole for the LDS LDAP connection must be Client, since LDS initiates the connection and the remote LDAP server presents the certificate. The keyring named in the policy must contain the CA certificate that signed the LDAP server's certificate so that the stack can validate it during the handshake. For more detail, see the IBM documentation on the AT-TLS HandshakeRole parameter at:

To keep other LDAP client traffic on the system from matching the AT-TLS policy, restrict the rule to the local IP address that LDS connects from, and optionally to the Jobname of the LDS address space and to the RemoteAddr and RemotePortRange of the LDAP server, so that only LDS connections to that server are wrapped in TLS.
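The following is an added illustration of what such a policy could look like; it is written for this article and is not a policy shipped with ACF2 or taken from the original text. The addresses 10.1.1.5 and 10.1.1.20, port 636, the job name ACF2LDS and the keyring ACF2LDS/LDSRING are assumed placeholders to replace with your own values.

```conf
# Added illustrative AT-TLS policy for the LDS -> remote LDAP client connection.
# All addresses, the port, the job name and the keyring below are assumed values.

# Match only outbound connections from the LDS address space to the LDAP
# server's TLS port, so that other LDAP clients on the system are not affected.
TTLSRule                          LDS_LDAP_Client
{
  # Local address LDS connects from (assumed)
  LocalAddr                       10.1.1.5
  # Remote LDAP server and its TLS (ldaps) port (assumed)
  RemoteAddr                      10.1.1.20
  RemotePortRange                 636
  # Job name of the LDS address space (assumed)
  Jobname                         ACF2LDS
  Direction                       Outbound
  TTLSGroupActionRef              grpLDS
  TTLSEnvironmentActionRef        envLDSClient
}

TTLSGroupAction                   grpLDS
{
  TTLSEnabled                     On
  # Trace 2 writes handshake errors to syslogd; raise it while debugging
  Trace                           2
}

TTLSEnvironmentAction             envLDSClient
{
  # LDS initiates the connection; the LDAP server presents its certificate
  HandshakeRole                   Client
  TTLSKeyringParms
  {
    # SAF keyring (userid/ringname) holding the CA certificate that signed
    # the LDAP server's certificate (assumed name)
    Keyring                       ACF2LDS/LDSRING
  }
  TTLSEnvironmentAdvancedParms
  {
    # Disable legacy protocol versions; permit TLS 1.2 only
    SSLv3                         Off
    TLSv1                         Off
    TLSv1.1                       Off
    TLSv1.2                       On
  }
}
```

With this policy loaded, LDS is configured with ldap://10.1.1.20:636 (plain scheme, TLS port). After refreshing Policy Agent (MODIFY PAGENT,REFRESH), pasearch -t should list the rule as active, and netstat -x (the Netstat TTLS report) should show the LDS connection with a TLS session once LDS has connected. If the handshake fails, the syslogd trace from the TTLSGroupAction usually names the cause, most often a server certificate whose issuing CA is missing from the keyring.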