Authentication is the act of verifying the identity of a user. User logins to Jethro are authenticated by an LDAP server (except for the Jethro admin user). When authentication is enabled, Jethro requires all clients to authenticate so that it can determine their permitted operations and access policies. If a user is no longer authenticated by the LDAP server (after connecting), the client connection is dropped within a configured time.

...

ldap.ssl.certificate.path=<path-to-CA-certificate-file> - To use LDAP over SSL/TLS, a CA certificate should be imported by an admin into the trust store on the Jethro host. Once the certificate file is available and readable by the jethro user on the host, set the parameter to point to the location of the certificate file. Any update of the certificate file path requires a server restart to take effect. Default value: empty.

Note: from version 3.5.0, LDAP over SSL without a certificate is allowed, so providing a certificate file value is not mandatory. If a certificate is not provided, successful SSL/TLS connectivity to the LDAP server depends on the LDAP server's security settings.

ldap.ssl.enabled - To enable LDAPS (secure LDAP), set the value to 1. When ldap.ssl.enabled is set to 1, the parameter ldap.ssl.certificate.path becomes mandatory. Default value: 0.
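A preflight check that can be run on the Jethro host, as the jethro user, before setting ldap.ssl.enabled to 1. It is an added example, not part of Jethro or its documentation: it confirms that the file intended for ldap.ssl.certificate.path is readable and holds a PEM CA certificate, then attempts a TLS handshake with the LDAP server that is verified against that file only. The function names, the certificate path and port 636 (the conventional LDAPS port) are assumptions.

```python
import os
import socket
import ssl
import sys


def load_ca_file(ca_path):
    """Return (context, None) if ca_path holds a usable PEM CA certificate,
    otherwise (None, reason)."""
    if not ca_path:
        # Mirrors an empty ldap.ssl.certificate.path: no CA to verify against.
        return None, "empty path: server certificate cannot be checked against a CA"
    if not os.path.isfile(ca_path) or not os.access(ca_path, os.R_OK):
        return None, "file missing or not readable by the current user"
    # PROTOCOL_TLS_CLIENT turns on chain verification and host name checking
    # and trusts nothing until a CA file is loaded explicitly.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.load_verify_locations(cafile=ca_path)
    except (ssl.SSLError, OSError) as exc:
        return None, f"not a usable PEM certificate file: {exc}"
    return ctx, None


def check_ldaps(host, port, ca_path, timeout=5.0):
    """Try a verified TLS handshake with the LDAP server.
    Returns (True, negotiated TLS version) or (False, reason)."""
    ctx, reason = load_ca_file(ca_path)
    if ctx is None:
        return False, reason
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            # If host is an IP address, the server certificate must list that
            # address as a subject alternative name for verification to pass.
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return True, tls.version()
    except (ssl.SSLError, OSError) as exc:
        return False, f"handshake failed: {exc}"


if __name__ == "__main__":
    # Usage (values are placeholders): python check_ldaps.py <host> <ca-file> [port]
    host, ca_file = sys.argv[1], sys.argv[2]
    port = int(sys.argv[3]) if len(sys.argv) > 3 else 636  # assumed LDAPS port
    ok, detail = check_ldaps(host, port, ca_file)
    print(("OK " if ok else "FAIL ") + str(detail))
    sys.exit(0 if ok else 1)
```

A failed result here means the LDAP server's certificate does not chain to the CA file or does not match the name used to reach it, which is the condition the certificate path setting exists to catch.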

...

Examples

set global ldap.uri=10.1.1.30;
set global ldap.port=389;

...