4.6.8 LDAP Tab (Reflection Certificate Manager)

Getting there

The Lightweight Directory Access Protocol (LDAP) is a standard protocol that can be used to store information in a central location and distribute that information to users. Administrators can configure an LDAP server to distribute information needed by users who are authenticating with certificates. This information can include:

  • Certificate Revocation Lists (CRLs), which are used to ensure that certificates being used have not been revoked by the certification authority.

  • Intermediate certificates needed to establish a valid certification path from the server certificate to a trusted root certification authority.

Use the LDAP tab of the Reflection Certificate Manager to list LDAP servers that distribute this information. The options are:

Add

Add an LDAP server to the list. Specify the server using the following URL format:

ldap://hostname[:portnumber]

For example:

ldap://ldapserver.myhost.com:389

Modify

Edit the server URL.

Remove

Remove the selected server from the list.

NOTE:

  • It is not necessary to configure an LDAP server to use CRL checking. When CRL checking is enabled, validation includes CRLs in any location specified in the CRL Distribution Point (CDP) field of the certificate. Configuring an LDAP server provides an additional mechanism for retrieving CRL lists.

  • Server URLs that use the LDAPS scheme (for example, ldaps://hostname:port) to transfer LDAP data using SSL are not supported.