8.6 Enable SSL communication with LDAP server

Information

The communication layer between a DB2 instance and the LDAP server should be encrypted. It is recommended that the ENABLE_SSL parameter in the IBMLDAPSecurity.ini file be set to TRUE.

Enabling SSL will help ensure the confidentiality of authentication credentials and other information that is sent to and from the DB2 instance and the LDAP server.

Solution

Update the parameter value:
1. Connect to the DB2 host.
2. Edit the IBMLDAPSecurity.ini file
3. Add or modify the file to include the following parameter:
ENABLE_SSL = TRUE
Notes:
The file is located under INSTANCE_HOME/sqllib/cfg/, for Unix; and %DB2PATH%\cfg\, for MS Windows.

See Also

https://workbench.cisecurity.org/files/1654

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-8(1)

Plugin: Windows

Control ID: 39f19304c55482113d91aadb0b9dcbc3c455eb2605167fa4636057168a637c4d