- Obtain a .cer format certificate file from the directory server. The procedure for creating and exporting certificate files differs for each LDAP server vendor. Contact your LDAP server administrator to obtain the correct certificate file.
For an example on how to obtain a certificate from the Windows Active Directory, see Example.
- Place the em_ldap_ssl.pem file into the <Control-M/EM_directory>\etc\keystore directory.
- Verify that a randomness device is installed on the Control-M/EM computer as follows:
  - Locate either the random or urandom file in the /dev directory. If you find the random file, verify that its path is part of the search path.
  - If neither of these files exists, open the <Control-M/EM_directory>/etc/ldap.conf file in a text editor.
  - Locate the #TLS_RANDFILE <Control-M/EM_directory>/ini/ssl/rnd.bin line and remove the # character.
  - Save the modified file.
- Set an environment variable named LDAPCONF whose value points to the ldap.conf file. The variable is set by the EM UNIX account profile.
EXAMPLE: setenv LDAPCONF <Control-M/EM_directory>/ctm_em/etc/ldap.conf
- LDAP hosts must be resolvable in DNS. If they are not, add an entry with the IP address and hostname of the LDAP machine to the /etc/hosts file.
EXAMPLE: 1.2.3.4 host1.bmc.com
1.2.3.4 host1
- Restart all EM components by running the stop_all and start_all commands.
- Define an LDAP server that can communicate with Control-M/EM in SSL mode, as described in Defining LDAP system parameters.
If you do not apply all of the above steps, LDAP authentication in SSL mode fails.
- Recycle the GUI and CMS components.
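
Because a single missed step makes LDAP authentication in SSL mode fail, the prerequisites above can be checked in one pass before the components are restarted. The script below is an added example, not part of the Control-M/EM product or its documentation; the function names are illustrative, and it assumes the first argument is the <Control-M/EM_directory> path with the etc/keystore and etc/ldap.conf locations given in the steps.

```shell
#!/bin/sh
# Added example: pre-flight checks for the LDAP SSL prerequisites listed above.
# The first argument stands in for <Control-M/EM_directory>; function names are illustrative.

# The certificate file exists and is non-empty in the keystore directory.
check_cert() {
    [ -s "$1/etc/keystore/em_ldap_ssl.pem" ]
}

# A randomness source exists: random or urandom under $2 (default /dev),
# or an uncommented TLS_RANDFILE line in ldap.conf.
check_random() {
    dev="${2:-/dev}"
    if [ -e "$dev/random" ] || [ -e "$dev/urandom" ]; then return 0; fi
    grep -Eq '^[[:space:]]*TLS_RANDFILE[[:space:]]+[^[:space:]]' "$1/etc/ldap.conf" 2>/dev/null
}

# LDAPCONF is set in this environment and names a readable file.
check_ldapconf() {
    [ -n "${LDAPCONF:-}" ] && [ -r "$LDAPCONF" ]
}

# The host appears as a name in a hosts-format file (default /etc/hosts).
host_in_hosts_file() {
    awk -v h="$1" '{ sub(/#.*/, "") }
        { for (i = 2; i <= NF; i++) if ($i == h) found = 1 }
        END { exit !found }' "${2:-/etc/hosts}"
}

# The host resolves through the system resolver, or at least through /etc/hosts.
check_host() {
    if command -v getent >/dev/null 2>&1 && getent hosts "$1" >/dev/null; then return 0; fi
    host_in_hosts_file "$1"
}

# Run every check and report each failure; returns non-zero if any step is missing.
preflight() {
    rc=0
    check_cert "$1"   || { echo "FAIL: em_ldap_ssl.pem not found in etc/keystore"; rc=1; }
    check_random "$1" || { echo "FAIL: no random/urandom device and no active TLS_RANDFILE"; rc=1; }
    check_ldapconf    || { echo "FAIL: LDAPCONF is unset or not readable"; rc=1; }
    check_host "$2"   || { echo "FAIL: $2 is not resolvable"; rc=1; }
    return "$rc"
}

# Usage: sh preflight.sh <EM directory> <LDAP host>
if [ "$#" -eq 2 ]; then preflight "$1" "$2"; fi
```

Run it from a login session of the EM UNIX account so that LDAPCONF has the value the account profile sets. The checks confirm only that each prerequisite is present; they do not validate the certificate contents.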