You can encrypt the communication between ARIS and the LDAP server.
To do so, you have two mutually exclusive options:
STARTTLS
This transforms a connection that was originally untrusted into an encrypted connection without using a specific port.
SSL
The connection between ARIS and the LDAP server is established using a specific port.
Prerequisite
The LDAP server has a valid SSL certificate and LDAP is activated.
ARIS Administration trusts the LDAP server. This means that the SSL certificate of the LDAP server or of the certification authority is stored in the JRE database of trustworthy certificates.
ARIS trusts the LDAP server. Therefore, we recommend that you use the LDAP server with a certificate signed by a public certification authority. If your certificate is signed by a public certification authority and stored in the list of trustworthy certificates of your JRE, you do not need to configure anything else.
STARTTLS
You can use STARTTLS to configure encrypted communication between ARIS and the LDAP server.
Start ARIS.
Click Application launcher > Administration. The Administration opens with the Configuration view.
Click User management.
Click the arrow next to LDAP.
Click the arrow next to the relevant LDAP server.
Click Connection.
Click Edit.
Configure the URL for the LDAP system. To do so, enter the URL in the Server URL field, for example:
ldap://hqgc.mycompany.com:3168.
Configure the fallback URL of the LDAP backup system in the Server URL (fallback) field. This backup system takes over automatically if the LDAP server cannot be reached via its primary URL.
Enable Use SSL.
Select STARTTLS from the SSL mode list.
Click Save.
You can upload the truststore file.
Prerequisite
You have the Technical configuration administrator function privilege.
Procedure
Click Application launcher > Administration. The Administration opens with the Configuration view.
Click User Management.
Click the arrow next to LDAP.
Click General settings.
Click Truststore. You must have generated a truststore file.
Click Upload. The Truststore dialog opens. Select the truststore file you want to use and click Upload.
Select the relevant file.
You have uploaded a truststore file.
SSL
Start ARIS.
Click Application launcher > Administration. The Administration opens with the Configuration view.
Click User management.
Click the arrow next to LDAP.
Click the arrow next to the relevant LDAP server.
Click Connection.
Click Edit.
Configure the URL for the LDAP system. To do so, enter the URL in the Server URL field, for example:
ldap://hqgc.mycompany.com:3168.
Configure the fallback URL of the LDAP backup system in the Server URL (fallback) field. This backup system takes over automatically if the LDAP server cannot be reached via its primary URL.
Enable Use SSL.
Select SSL from the SSL mode list.
Click Save.
You can upload the truststore file.
Prerequisite
You have the Technical configuration administrator function privilege.
Procedure
Click Application launcher > Administration. The Administration opens with the Configuration view.
Click User Management.
Click the arrow next to LDAP.
Click General settings.
Click Truststore. You must have generated a truststore file.
Click Upload. The Truststore dialog opens. Select the truststore file you want to use and click Upload.
Select the relevant file.
You have uploaded a truststore file.