Preparing LDAP for SBM

On-premise only.

If you will connect to LDAP using a secure connection, you must prepare your system according to the information below.

The CA Certification file is generated differently for each directory service. To determine how your CA Certification file is generated, consult your directory's documentation on how to set up a certificate authority and generate a DER-encoded root certificate or a PEM-encoded multi-certificate chain of trust.

Once you've created the root certificate, perform the following steps:

  1. Using the newly-generated root certificate, sign a server certificate for the LDAP server.
  2. Place the root certificate on the server that hosts SBM Application Engine and enter the full path to that root certificate in the Certificate location field.
  3. Grant the Internet Guest Account (IUSR_machinename) permissions to the directory that contains the root certificate. This is required so that authentication succeeds when you deploy process apps from SBM Composer or SBM Application Repository.
  4. Clear the Secure connection check box and test the connection to the LDAP server without using the key file. A successful connection confirms that the rest of the LDAP configuration is correct.
  5. Select the Secure connection check box and verify the full path in the Certificate location field.
  6. Test the connection again. It should connect successfully.
    Note: If you are using multiple Web servers, the key file must either reside in a fully qualified network path accessible by all servers, or a copy of the key file must reside in an identically named path on each server. For performance reasons, copy the key file to an identically named path on each server.
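
The following is an added example, not part of the SBM product or its documentation. It checks that a certificate file is a DER-encoded certificate or a PEM-encoded chain, as required above, and then tests whether the LDAP server's certificate chains to it. Assumptions: the server accepts LDAPS on port 636, the function names are hypothetical, and SAMPLE_DER is a constructed placeholder rather than a real certificate.

```python
import base64
import re
import socket
import ssl

PEM_BLOCK = re.compile(
    rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

# Constructed placeholder (an ASN.1 SEQUENCE holding INTEGER 1), not a real certificate.
SAMPLE_DER = bytes.fromhex("3003020101")

def der_is_well_formed(der: bytes) -> bool:
    """True if der is exactly one ASN.1 SEQUENCE whose length field matches its size.
    This checks the outer structure only; it does not validate certificate contents."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    if der[1] < 0x80:                       # short-form length
        header, body = 2, der[1]
    else:                                   # long form: low 7 bits count the length bytes
        n = der[1] & 0x7F
        if n == 0 or len(der) < 2 + n:
            return False
        header, body = 2 + n, int.from_bytes(der[2:2 + n], "big")
    return len(der) == header + body

def load_trust_anchors(data: bytes):
    """Return (encoding, [DER blobs]) for a DER root or a PEM chain, else raise ValueError."""
    blocks = PEM_BLOCK.findall(data)
    encoding = "PEM" if blocks else "DER"
    ders = [base64.b64decode(b) for b in blocks] if blocks else [data]
    if not all(der_is_well_formed(d) for d in ders):
        raise ValueError("not a DER certificate or PEM certificate chain")
    return encoding, ders

def ldaps_handshake(host: str, ders, port: int = 636, timeout: float = 5.0) -> str:
    """TLS handshake that trusts only the given anchors; returns the negotiated version.

    Raises ssl.SSLCertVerificationError if the server certificate does not chain to
    one of the anchors or does not match host. Port 636 (LDAPS) is an assumption.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)   # CERT_REQUIRED, hostname check on
    ctx.load_verify_locations(
        cadata="".join(ssl.DER_cert_to_PEM_cert(d) for d in ders))
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.version()
```

To use it, read the file named in the Certificate location field in binary mode, pass its bytes to load_trust_anchors, and pass the returned list to ldaps_handshake together with the LDAP server's host name as it appears in the server certificate.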