It's all about the answers!

Ask a question

using secure LDAP or LDAPS protocol for authentication is it supported for CLM 4.x?

anup Gaur (1392444) | asked Aug 09 '14, 2:57 p.m.
edited Aug 19 '14, 6:13 p.m. by Stephanie Taylor (24115)
Does CLM 4.0.6 support secure LDAP or te LDAPS protocol. Although my jts /setup works fine with Tomcat and Windows AD LDAP authentication using ldap://dchost:389 format. the same does not work for the ldaps://myserver:636. Is it not supported or something else needs to be done?

The forum below doesnot solve this problem. So two things here. Is it supported when using Tomcat. If yes then does simply changing the protocol to ldaps with secure port will it do the trick? I think we need to have a certificate installed somewhere.

2 answers

permanent link
Rohit Balduwa (945511) | answered Aug 11 '14, 12:49 a.m.
Hi Anup

Yes, you can configure Lightweight Directory Access Protocol over SSL (LDAPS) for IBM Rational Team Concert on Apache Tomcat.

There are 2 steps required to configure Lightweight Directory Access Protocol over SSL (LDAPS) for Rational Team Concert running on Apache Tomcat

  1. Import the certificate from your LDAP server into Apache Tomcat's trust store
  2. Rerun the steps documented in Managing users with Lightweight Directory Access Protocol (LDAP) ( to configure your Rational Team Concert to connect to LDAP through the secure port.

For Part 1, follow the below steps:

Below are steps to import a certificate into Apache Tomcat's trust store:

  1. Stop the Apache Tomcat server
  2. Obtain the certificate from the LDAPS server (an LDAP Administrator should be able to provide the certificate file)
    In this example, the certificate file in the *.der format

  3. Navigate to "..\\JazzTeamServer\server\jre\bin" directory
  4. Double click on ikeyman.exe to launch
  5. Click on the Open button and browse to the "..\\JazzTeamServer\server\jre\lib\security" directory
  6. Select to view all file types. You should see a file called 'cacerts' in the list
  7. Open the 'cacerts' file

  8. IBM Key Management will prompt for a password
    Enter 'changeit' and click OK. A list of 'Signer Certificates' will display (see below)
    Note: 'changeit' is a default password. If you have changed it, you will need to enter your own password

  9. Click on the 'Add' button to add a certificate from file
  10. Browse to the certificate file and click on OK to add

  11. This will open a prompt for a certificate name. Enter a name and click OK
  12. Exit from ikeyman by selecting "Key Database File > Exit" from the main menu
  13. Start the server

Details from the technote:

If this answers your question please mark it as accepted.

permanent link
Krzysztof Ka┼║mierczyk (7.5k477103) | answered Mar 02 '21, 3:43 a.m.

The same document for Liberty configuration:

Your answer

Register or to post your answer.

Dashboards and work items are no longer publicly available, so some links may be invalid. We now provide similar information through other means. Learn more here.