What are the changes to LDAP authentication in SDMS and LMS in NuGenesis 9.2? - WKB208780

ENVIRONMENT

• NuGenesis 9.2

ANSWER

In SDMS, the "Use TLS" check box (formerly labeled "Use SSL" in NuGenesis 8) is removed. In its place is a new list box labeled "Authentication Type". This list has three options: Plain Text, StartTLS, and LDAPS. Plain Text is LDAP without encryption. StartTLS is LDAP with encryption via sending the "STARTTLS" command through port 389. LDAPS is LDAP with encryption over port 636. The certificates are still stored in the Trusted Root Certificate Authorities store in Windows.

In LMS, the LDAP configuration in the LMS client UI was simplified and is similar to the SDMS LDAP configuration. However, the LMS JBOSS server is still the component that connects to the LDAP servers, and the certificates must therefore still be in the Java keystore. LMS in 9.2 also supports the StartTLS method in addition to LDAPS; previously, the only option in LMS was LDAPS.

ADDITIONAL INFORMATION

Two authentication types are now available in SDMS and LMS because of a change in Microsoft AD servers that breaks our implementation of the "StartTLS" method. StartTLS is the standard way to start a secure LDAP connection, but the LDAP Signing policy in Windows, if active, will break these connections. Therefore, the LDAPS method was added as an option.