Using secure LDAP or LDAPS protocol for authentication: is it supported for CLM 4.x?


anup Gaur (139729) | asked Aug 09 '14, 2:57 p.m.
edited Aug 19 '14, 6:13 p.m. by Stephanie Taylor (24115)
Does CLM 4.0.6 support secure LDAP or the LDAPS protocol? Although my jts /setup works fine with Tomcat and Windows AD LDAP authentication using the ldap://dchost:389 format, the same does not work for ldaps://myserver:636. Is it not supported, or does something else need to be done?

The forum below does not solve this problem. So two things here: Is it supported when using Tomcat? If yes, then will simply changing the protocol to ldaps with the secure port do the trick? I think we need to have a certificate installed somewhere.

One answer



Rohit Balduwa (935310) | answered Aug 11 '14, 12:49 a.m.
Hi Anup

Yes, you can configure Lightweight Directory Access Protocol over SSL (LDAPS) for IBM Rational Team Concert on Apache Tomcat.

There are 2 steps required to configure Lightweight Directory Access Protocol over SSL (LDAPS) for Rational Team Concert running on Apache Tomcat:

  1. Import the certificate from your LDAP server into Apache Tomcat's trust store
  2. Rerun the steps documented in Managing users with Lightweight Directory Access Protocol (LDAP) (http://pic.dhe.ibm.com/infocenter/clmhelp/v3r0m1/index.jsp?topic=%2Fcom.ibm.jazz.install.doc%2Ftopics%2Fc_plan_identity_management.html) to configure your Rational Team Concert to connect to LDAP through the secure port.


For Part 1, follow the below steps:

Below are steps to import a certificate into Apache Tomcat's trust store:

  1. Stop the Apache Tomcat server
  2. Obtain the certificate from the LDAPS server (an LDAP Administrator should be able to provide the certificate file)
    In this example, the certificate file is in the *.der format

  3. Navigate to "..\\JazzTeamServer\server\jre\bin" directory
  4. Double click on ikeyman.exe to launch
  5. Click on the Open button and browse to the "..\\JazzTeamServer\server\jre\lib\security" directory
  6. Select to view all file types. You should see a file called 'cacerts' in the list
  7. Open the 'cacerts' file


  8. IBM Key Management will prompt for a password
    Enter 'changeit' and click OK. A list of 'Signer Certificates' will display (see below)
    Note: 'changeit' is a default password. If you have changed it, you will need to enter your own password


  9. Click on the 'Add' button to add a certificate from file
  10. Browse to the certificate file and click on OK to add


  11. This will open a prompt for a certificate name. Enter a name and click OK
  12. Exit from ikeyman by selecting "Key Database File > Exit" from the main menu
  13. Start the server

Details from the technote:

http://www-01.ibm.com/support/docview.wss?uid=swg21508904

If this answers your question please mark it as accepted.
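
The import in steps 2 to 12 can also be scripted with the JRE's `keytool` instead of the ikeyman GUI, with a fingerprint check before the certificate is trusted. This is an added example, not part of the original answer or the IBM technote; the install path, certificate file, alias and expected fingerprint are placeholders to replace with your own values.

```powershell
# Added example: keytool equivalent of the ikeyman import, run with the server stopped.
# Paths, alias and fingerprint below are placeholders (assumptions), not values from the post.
param(
    [string]$JreHome        = 'C:\JazzTeamServer\server\jre',   # assumed install location
    [string]$CertFile       = 'C:\temp\ldaps-server.der',       # file supplied by the LDAP administrator
    [string]$Alias          = 'ldaps-server',                   # hypothetical alias (the "certificate name")
    [string]$StorePass      = 'changeit',                       # default trust store password
    [string]$ExpectedSha256 = '<SHA-256 fingerprint confirmed with the LDAP administrator>'
)
$ErrorActionPreference = 'Stop'
$keytool = Join-Path $JreHome 'bin\keytool.exe'
$cacerts = Join-Path $JreHome 'lib\security\cacerts'

# Load the DER file and compute its SHA-256 fingerprint.
$cert   = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $CertFile
$sha256 = [System.Security.Cryptography.SHA256]::Create()
$actual = [System.BitConverter]::ToString($sha256.ComputeHash($cert.RawData)) -replace '-', ''

# Refuse to trust a certificate whose fingerprint was not confirmed out of band.
$expected = ($ExpectedSha256 -replace '[:\s]', '').ToUpper()
if ($actual -ne $expected) {
    throw "Fingerprint mismatch for $CertFile (got $actual); not importing."
}

# Refuse a certificate that is expired or not yet valid.
$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "Certificate is outside its validity period ($($cert.NotBefore) to $($cert.NotAfter))."
}

# Keep a copy of the trust store so the change can be rolled back.
Copy-Item -Path $cacerts -Destination "$cacerts.bak" -Force

# Import the certificate as a trusted signer.
& $keytool -importcert -noprompt -trustcacerts -alias $Alias `
    -file $CertFile -keystore $cacerts -storepass $StorePass
if ($LASTEXITCODE -ne 0) { throw "keytool import failed with exit code $LASTEXITCODE" }

# Confirm the entry is present and show its fingerprints for the change record.
& $keytool -list -v -alias $Alias -keystore $cacerts -storepass $StorePass
if ($LASTEXITCODE -ne 0) { throw "Alias '$Alias' not found in $cacerts after import" }
```

Passing `-storepass` on the command line exposes the password to anyone who can list processes on the host, so change the trust store password from the default if the server is shared.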

