Configuring Directory Assistance for SSL
Added by IBM on November 23, 2011 | Version 1 (Original)
Modifying the IBM® Lotus® Domino® Directory Assistance document is required when you use SSL to encrypt data transmitted between the IBM Sametime® server and the LDAP server. This procedure applies when you are using Sametime Classic Meetings with the Sametime Community Server.
About this task
In this procedure, you modify the Directory Assistance document for the LDAP server to ensure that the connection between the Sametime server and the LDAP server is encrypted using SSL.
Parent topic: Enabling encryption between Sametime and the LDAP server
Previous topic: Importing a copy of the LDAP server's trusted root certificate
Next topic: Connecting Sametime to the LDAP server
- From a Lotus Notes® client, open the Directory Assistance database da.nsf:
  - Click File -> Database -> Open.
  - For the Server, select Local.
  - Select the Directory Assistance database (da.nsf).
  - Click Open.
- In the Directory Assistance database, double-click the Directory Assistance document for the LDAP server to open the document.
- Click Edit Directory Assistance.
- Click the Basics tab.
- In the Make this domain available to: field, select Notes Clients & Internet Authentication/Authorization.
- Click the LDAP tab.
- Fill in the following fields:
  - Channel encryption: Select SSL.
  - Port: Specify the same port that appears in the LDAP SSL port field of the "LDAP Directory - Connectivity" options in the Sametime Administration Tool. This port is the one on which the LDAP server listens for SSL connections; the default is port 636.
  - Accept expired SSL certificates: Select Yes (the default setting) to accept a certificate from the LDAP directory server even if the certificate has expired. For tighter security, select No to require the Sametime server to check certificate expiration dates; if the certificate presented by the LDAP server has expired, the connection is terminated.
  - SSL protocol version: Select the version of the SSL protocol to use. The choices are:
    - V2.0 only: Allows only SSL 2.0 connections.
    - V3.0 handshake: Attempts an SSL 3.0 connection. If this attempt fails but Sametime detects that SSL 2.0 is available on the LDAP server, Sametime retries the connection using SSL 2.0.
    - V3.0 only: Allows only SSL 3.0 connections.
    - V3.0 and V2.0 handshake: Attempts an SSL 3.0 connection, but starts with an SSL 2.0 handshake that displays relevant error messages. Use this setting to receive V2.0 error messages when trying to connect to the LDAP server; these error messages might provide information about compatibility problems found during the connection.
    - Negotiated: Lets SSL determine the handshake and protocol version required.
  - Verify server name with remote server's certificate: Select Enabled (the default setting) to verify the server name against the remote server's certificate. If Enabled is selected, the Sametime server compares the name of the LDAP server with the name in the remote server's certificate; if the names do not match, the connection is terminated. For more relaxed security, select Disabled (the server name is not verified against the certificate).
- Click Save and Close to close the Directory Assistance document.
- Close the Directory Assistance database.
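As an added example (not IBM's code and not part of the original page), the following Python script models the two certificate checks that the "Accept expired SSL certificates" and "Verify server name with remote server's certificate" fields control, so an administrator can see which combinations of settings let a given LDAP connection through, and it includes a strict probe of a live LDAPS port that validates against the trusted root certificate imported in the previous topic. All host names, dates and certificate fields in it are constructed, and the name-matching rules (SAN dNSName first, single-label wildcard) are an assumption, since the page does not describe Sametime's exact matching rules.

```python
"""Offline model of the certificate checks controlled by the Directory
Assistance LDAP settings, plus a strict live probe of an LDAPS endpoint.

Added example, not IBM's code. 'accept_expired' models the page's
"Accept expired SSL certificates" field and 'verify_server_name' models
"Verify server name with remote server's certificate". The host-name
matching rules below (SAN dNSName first, wildcard only in the leftmost
label) are an assumption; the page does not describe Sametime's rules.
"""
from dataclasses import dataclass
from datetime import datetime, timezone
import socket
import ssl


@dataclass
class DAPolicy:
    """The LDAP-tab settings from the Directory Assistance document."""
    port: int = 636                  # default LDAP SSL port named on the page
    accept_expired: bool = True      # page default is Yes; No is the tighter setting
    verify_server_name: bool = True  # page default is Enabled


@dataclass
class PeerCert:
    """Constructed stand-in for fields decoded from the LDAP server's certificate."""
    subject_cn: str
    san_dns: tuple
    not_after: datetime


def name_matches(expected_host: str, cert: PeerCert) -> bool:
    """True if expected_host matches a SAN dNSName (or the CN when no SAN exists)."""
    host = expected_host.lower().rstrip(".")
    candidates = [n.lower() for n in cert.san_dns] or [cert.subject_cn.lower()]
    for pattern in candidates:
        if pattern == host:
            return True
        # a wildcard is honoured only in the leftmost label and matches one label
        if pattern.startswith("*."):
            parts = host.split(".", 1)
            if len(parts) == 2 and parts[1] == pattern[2:]:
                return True
    return False


def evaluate(policy: DAPolicy, cert: PeerCert, expected_host: str, now: datetime):
    """Apply the expiry and server-name checks; return (accepted, reason)."""
    if cert.not_after < now and not policy.accept_expired:
        return False, "certificate expired and 'Accept expired SSL certificates' is No"
    if policy.verify_server_name and not name_matches(expected_host, cert):
        return False, "server name does not match certificate and verification is Enabled"
    return True, "accepted"


def probe_ldaps(host: str, cafile: str, port: int = 636, timeout: float = 5.0) -> str:
    """Strict live check (the No/Enabled combination): the chain must validate
    against cafile, the certificate must be unexpired and must match host.
    Returns the peer certificate's notAfter string; raises ssl.SSLError otherwise.
    Python's default context negotiates TLS; SSL 2.0 and 3.0 are not offered."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert()["notAfter"]


if __name__ == "__main__":
    # Constructed sample: a certificate that expired before the evaluation time.
    now = datetime(2011, 11, 23, tzinfo=timezone.utc)
    expired = PeerCert("ldap.example.com", ("ldap.example.com",),
                       datetime(2010, 1, 1, tzinfo=timezone.utc))
    print(evaluate(DAPolicy(), expired, "ldap.example.com", now))
    print(evaluate(DAPolicy(accept_expired=False), expired, "ldap.example.com", now))
```

To check a real directory server, call `probe_ldaps("ldap.example.com", "/path/to/trusted-root.pem")` from a host that can reach the LDAP SSL port; the `ssl.SSLError` message identifies which check (chain, expiry or host name) failed, which is the same information the Sametime server acts on when the tighter settings are selected.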