
Technical Notes

SSL Parameters

Genesys LDAP Authentication supports SSLv3 and TLSv1. It supports server authentication and server+client authentication.

If the LDAP server is configured to perform server-only authentication, then the only SSL parameter to configure is cacert-path, which specifies the file that stores the Certificate Authority certificate related to the LDAP server.

If the LDAP server is configured to perform server and client authentication, two additional parameters must be configured besides cacert-path: cert-path, which specifies the file where the client certificate is stored, and key-path, which specifies the file where the client’s private key is stored.

Important
Genesys LDAP Authentication supports certificates only in the PEM (Base64) format. You must convert certificates in any other format to the PEM (Base64) format.
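
A preflight check for the rules above, as an added example that is not part of the Genesys documentation: it takes the contents of the files named by cacert-path, cert-path and key-path and reports any that are missing for the chosen authentication mode or are not PEM. The function names, the accepted private-key labels and the sample bytes are assumptions made for this illustration.

```python
import re
import ssl

# PEM block labels expected per option; the key labels are an assumption of this example.
EXPECTED = {
    "cacert-path": {"CERTIFICATE"},
    "cert-path": {"CERTIFICATE"},
    "key-path": {"PRIVATE KEY", "RSA PRIVATE KEY", "EC PRIVATE KEY"},
}
PEM_BLOCK = re.compile(rb"-----BEGIN ([A-Z0-9 ]+)-----.+?-----END \1-----", re.S)

def pem_labels(data: bytes) -> list:
    """Return the label of every complete PEM block in data."""
    return [m.group(1).decode() for m in PEM_BLOCK.finditer(data)]

def check_ssl_files(files: dict, client_auth: bool) -> list:
    """files maps option name -> file contents (bytes). Returns problems found."""
    required = ["cacert-path"]
    if client_auth:  # server+client authentication also needs the client cert and key
        required += ["cert-path", "key-path"]
    problems = []
    for name in required:
        data = files.get(name)
        if not data:
            problems.append(f"{name}: missing or empty")
            continue
        labels = pem_labels(data)
        if not labels:
            # 0x30 is the ASN.1 SEQUENCE tag that starts DER and PKCS#12 files
            kind = "binary DER/PKCS#12" if data[:1] == b"\x30" else "unrecognized"
            problems.append(f"{name}: {kind} data, not PEM")
        elif not EXPECTED[name] & set(labels):
            problems.append(f"{name}: contains {labels[0]}, wrong block type")
    return problems

def der_cert_to_pem(der: bytes) -> bytes:
    """Re-encode a DER certificate as PEM (Base64 with BEGIN/END lines)."""
    return ssl.DER_cert_to_PEM_cert(der).encode("ascii")

# Constructed sample input: placeholder bytes shaped like DER, not a real certificate.
SAMPLE_DER = b"\x30\x82\x01\x0a" + bytes(range(256)) + bytes(10)
SAMPLE_KEY = b"-----BEGIN PRIVATE KEY-----\nQUJD\n-----END PRIVATE KEY-----\n"

if __name__ == "__main__":
    files = {"cacert-path": SAMPLE_DER, "cert-path": SAMPLE_KEY, "key-path": SAMPLE_KEY}
    print(check_ssl_files(files, client_auth=True))   # DER CA file and key in cert-path
    files["cacert-path"] = der_cert_to_pem(SAMPLE_DER)
    print(check_ssl_files(files, client_auth=False))  # server-only: CA file is now PEM
```

The check looks only at the encoding and block type; it does not verify that the client certificate matches the key or chains to the CA.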

Application Account

Your LDAP server may not allow an anonymous BIND operation. In that case, configure a dedicated account (called “the application account”) that can BIND and search for the distinguished name of the user being authenticated, as defined by the search clause in the ldap-url option (see ldap-url) for this connection.

This page was last edited on August 1, 2014, at 14:21.