How to change in Clarity from LDAP to LDAP over SSL

Document ID : KB000129982
Last Modified Date : 25/03/2019
Show Technical Document Details
Question:
I need to change the LDAP authentication to the SSL but I change the port and it just does not work.
Answer:
You have your Clarity bind to Active Directory (LDAP port 389) and you need to change this configuration to Active Directory over SSL (DLAPS port 636, LDS, LDAP SSL).

To start with, you have to have a certificate that will be given to you that must be generated from the LDAP SSL server and with this certificate, you will have to load it on the server where the Clarity CA PPM CSA server, only then you will be enabled to change the configuration under the CSA.

Here are the steps, that will go with an Example to help us:

1.- Under where the Java is installed in the bin directory you will install the certificate:

CD X:\CA\Java\jre1.8.0_171\lib\security\
keytool -import -keystore cacerts -alas <adcert> -file <certificate.cer> -keyalg RSA -trustcacerts -storepass changeit


2.- Log in the Clarity CA PPM CSA and in the Serer name, in the Security TAB you will need to change under the LDAP Server, the URL syntax:
Example:
LDAP Server
               URL     ldap://LDAP_server_name:389

Change this to 
LDAP Server
               URL      ldaps ://LDAP_server_name:636

Please press the [Save], to save all the configuration.

3.- Plese recycle the Clarity services in order to take action.
Example:
> Open a CMD
> Service stop start all