tls server validation

Instruct the LDAP connector to connect to the LDAP server using TLS.

USYS$LDP_PARAMS { = } tls server validation={validate | v} | {ignore_name | in}

Values can be combined using + or &. For example:

  • USYS$LDP_PARAMS = tls server validation=valid+ignore_name
  • USYS$LDP_PARAMS tlssv=v&in
  • USYS$LDP_PARAMS tlssv=ignore_name

Arguments

  • validate or v—use TLS and validate the server by checking its certificate and validating the server name. (Default)
  • ignore_name or in—check the certificate but do not validate the server name.

Description

For Windows, the CA certificate must be placed in the Windows Certificate Trust Store in the client, so that the server's certificate can be validated.

For Unix, the location is specified by either the option tls_ca_file or the option tls ca directory. Either of these settings will implicitly set tls server validation=validate, if the option is not specified. For more information, see tls ca file | directory.

Related Topics