Storing information for encrypted passwords for your LDAP servers

You store the information that PKI Services uses to bind to your LDAP directories in the pkiserv.conf configuration file. Passwords can be in clear text or encrypted. By default, the pkiserv.conf configuration file contains Server1, AuthName1, and AuthPwd1 parameters; these lines specify your LDAP bind information, including the password, in clear text. For more than one LDAP server, you add additional lines: Server2, AuthName2, AuthPwd2, Server3, AuthName3, AuthPwd3, and so forth. If you want to use encrypted passwords for your LDAP servers, delete all these lines, uncomment (remove the #) the BindProfile1 line at the bottom of the file, and correct the profile value that is specified, if necessary. (See Using encrypted passwords for LDAP servers for information about setting up this bind profile in RACF®.) For more than one LDAP server, add additional lines: BindProfile2, BindProfile3, and so forth.

PKI Services performs the following processing when locating LDAP bind information:
  1. The Servern line (where n is the server number: 1, 2, 3, and so forth) specifies the fully qualified domain name and port of your LDAP server. If your file contains a Servern line, PKI Services looks for the matching AuthNamen and AuthPwdn lines and uses these values.
  2. The BindProfilen parameter specifies the name of the LDAPBIND class profile. If your file does not contain a Servern line but does contain a BindProfilen line, PKI Services looks for the bind information in the LDAPBIND class profile. (If Servern is present, PKI Services does not look for bind information in BindProfilen, even if the value in Servern is incorrect.)
  3. If neither is present for a specific server, then PKI Services uses the default from IRR.PROXY.DEFAULTS in the FACILITY class.
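The three-step precedence above is easy to get wrong when a file mixes clear-text and BindProfilen lines, because a Servern line silences a BindProfilen line for the same n even when the Servern value is bad. The following script is an added example, not part of the PKI Services product or its documentation: it applies the documented precedence to a constructed sample of the LDAP lines of a pkiserv.conf file and flags every server whose password still sits in clear text in the file. It assumes that the relevant lines use a Key=Value syntax with # comments, as the Server1/AuthName1/AuthPwd1/BindProfile1 lines described above do; the host names, profile names and password strings in the sample are invented.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample of the LDAP-related lines of a pkiserv.conf file.
# Key=Value syntax with "#" comments is assumed; host names, profile
# names and passwords are invented for the example.
SAMPLE_CONF = """\
[LDAP]
# Server 1: clear-text bind credentials, the default form of the file
Server1=ldap1.example.com:389
AuthName1=cn=admin,o=example
AuthPwd1=cleartext-secret
# Server 2: Server2 is present, so BindProfile2 is ignored even though it exists
Server2=ldap2.example.com:389
AuthName2=cn=admin,o=example
AuthPwd2=another-secret
BindProfile2=LDAP.PROFILE2
# Server 3: no Server3 line, so the LDAPBIND class profile is used
BindProfile3=LDAP.PROFILE3
"""

# FACILITY class profile named on the page as the fallback when neither
# Servern nor BindProfilen is present for a server.
DEFAULT_PROFILE = "IRR.PROXY.DEFAULTS"

BIND_KEY = re.compile(r"^(Server|AuthName|AuthPwd|BindProfile)(\d+)$")


@dataclass
class BindSource:
    index: int
    source: str            # "clear-text", "LDAPBIND profile" or "FACILITY default"
    detail: Optional[str]  # server address, profile name or the default profile
    has_clear_text_password: bool


def parse_conf(text: str) -> Dict[str, str]:
    """Return {key: value} for Key=Value lines, skipping blanks, comments and [sections]."""
    entries: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or line.startswith("[") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        entries[key.strip()] = value.strip()
    return entries


def resolve_bind_source(entries: Dict[str, str], n: int) -> BindSource:
    """Apply the documented precedence for server n."""
    server = entries.get(f"Server{n}")
    if server is not None:
        # Step 1: a Servern line wins, even if its value is wrong, and the
        # matching AuthNamen/AuthPwdn lines (clear text in the file) are used.
        pwd = entries.get(f"AuthPwd{n}")
        return BindSource(n, "clear-text", server, pwd is not None)
    profile = entries.get(f"BindProfile{n}")
    if profile is not None:
        # Step 2: no Servern, so the bind data comes from the LDAPBIND class profile.
        return BindSource(n, "LDAPBIND profile", profile, False)
    # Step 3: neither is present, so the FACILITY class default applies.
    return BindSource(n, "FACILITY default", DEFAULT_PROFILE, False)


def server_indices(entries: Dict[str, str]) -> List[int]:
    """Every server number n that appears in any Servern/AuthNamen/AuthPwdn/BindProfilen key."""
    found = {int(m.group(2)) for k in entries if (m := BIND_KEY.match(k))}
    return sorted(found)


def audit(text: str) -> List[BindSource]:
    """Resolve the bind source for every server mentioned in the file."""
    entries = parse_conf(text)
    return [resolve_bind_source(entries, n) for n in server_indices(entries)]


if __name__ == "__main__":
    for r in audit(SAMPLE_CONF):
        flag = "  <-- clear-text password in pkiserv.conf" if r.has_clear_text_password else ""
        print(f"server {r.index}: {r.source} ({r.detail}){flag}")
```

Running it against the sample reports servers 1 and 2 as clear-text (server 2's BindProfile2 line is dead configuration until Server2 is removed) and server 3 as resolved through LDAP.PROFILE3; asking for a server number with no lines at all returns the IRR.PROXY.DEFAULTS fallback.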