Enable SSL communication with LDAP server

Details

The communication layer between a DB2 instance and the LDAP server should be encrypted. It is recommended that the ENABLE_SSL parameter in the IBMLDAPSecurity.ini file be set to TRUE.

Enabling SSL will help ensure the confidentiality of authentication credentials and other information that is sent to and from the DB2 instance and the LDAP server.

Solution

Update the parameter value:
1. Connect to the DB2 host.
2. Edit the IBMLDAPSecurity.ini file
3. Add or modify the file to include the following parameter:
ENABLE_SSL = TRUE
Notes:
The file is located under INSTANCE_HOME/sqllib/cfg/, for Unix; and %DB2PATH%cfg, for MS Windows.

Supportive Information

The following resource is also helpful.

https://workbench.cisecurity.org/files/1654

This security hardening control applies to the following category of controls within NIST 800-53: System and Communications Protection.This control applies to the following type of system Windows.

References

800-53|SC-8(1)

Source

Tenable.com/audits

Updated on July 16, 2022

Was this article helpful?

Yes No

Details

Solution

Supportive Information

References

Source

Related Articles