Configuring Talend Data Catalog to securely connect via LDAPS to the Enterprise directory

In LDAP authentication, the user password is not managed by the software and is simply passed through to the LDAP system.

This password is not encrypted when communicated between the client and the server. You can specify HTTPS protocol communication to ensure encryption.

This password is also not encrypted when communicated between the server and LDAP. You can specify LDAPS protocol communication and use SSL to encrypt.

In order to support LDAPS, the Talend Data Catalog Tomcat service does not itself need to be configured to work with LDAPS for encryption of passwords.

To enable secure SSL communication between Talend Data Catalog and LDAP servers, the administrator needs to import the trusted certificate, that the LDAP server is using into the JRE that the Talend Data Catalog application server is using.

For more information about the process, see http://docs.oracle.com/javase/tutorial/security/toolsign/rstep2.html.

For example, the command can be as follows.

cd <TDC_HOME>\TalendDataCatalog\jre\lib\security
..\..\..\bin\keytool.exe -import -alias susan -file YourOwnCertificate.cer -keystore jssecacerts

This is an entirely different certificate from the one used by the HTTPS protocol.