Chapter 3 Configuring Your Library
Working With User Accounts
Scalar i500 User’s Guide 101

Configuring Secure LDAP on the Library

Configuring Secure LDAP is optional. You can configure Secure LDAP using one of the following methods (do not use both).

• LDAPS — Uses Secure Sockets Layer (SSL) over a specific port for LDAP (636). You may enable LDAP over SSL (LDAPS) by entering a URI in the form of “ldaps://hostname” in the Server URI field. This will use SSL to send secure communication via port 636. If the LDAP server does not support LDAPS or does not have LDAPS enabled, then login operations will fail. LDAPS has been deprecated in favor of using StartTLS (see option below). Do not use LDAPS if you are using StartTLS. Once you apply LDAPS, StartTLS will not be available.

• StartTLS — Uses Transport Layer Security (TLS) over the same port as regular LDAP (389). Select the StartTLS check box to configure secure LDAP communication using TLS. If TLS mode is not supported on your LDAP server, then login operations will fail. Do not use StartTLS if you are using LDAPS. See Figure 15 on page 103.

Installing an LDAP TLS CA Certificate

If you are using LDAPS or StartTLS, you can also install a TLS CA certificate for additional verification that the LDAP server has not been compromised. The certificate must be the same certificate that is installed on your LDAP server and must be in .pem format. The library will only perform the verification if you have configured Secure LDAP (using either LDAPS or StartTLS). Place a copy of the certificate file in an accessible location on your computer and use the Browse button to locate and install it. Once a certificate is installed, you can remove it by selecting the Remove TLS CA Certificate check box. See Figure 15 on page 103.

Configuring LDAP on the Library

Before configuring LDAP, obtain the following LDAP parameters from your network administrator. You need to enter these parameters in the Setup - Remote Authentication screen on the Web client.
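Because login operations fail when the LDAP server does not support the selected Secure LDAP mode, it helps to test the server from a workstation before applying LDAPS or StartTLS on the library. The following Python sketch is an added example, not part of this guide or of the library firmware: it connects in either mode and verifies the server against the .pem CA file. The function names and the two sample replies are assumptions constructed for illustration; the StartTLS OID comes from RFC 4511.

```python
import socket
import ssl

STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"  # LDAP StartTLS extended operation (RFC 4511)

# Constructed sample ExtendedResponse messages (not captured from a real server).
SAMPLE_OK = bytes.fromhex("300c02010178070a010004000400")       # resultCode 0, success
SAMPLE_REFUSED = bytes.fromhex("300c02010178070a010204000400")  # resultCode 2, protocolError

def starttls_request(msg_id=1):
    """BER-encode the ExtendedRequest that asks the server to start TLS (msg_id < 128)."""
    name = b"\x80" + bytes([len(STARTTLS_OID)]) + STARTTLS_OID  # [0] requestName
    op = b"\x77" + bytes([len(name)]) + name                    # [APPLICATION 23]
    body = b"\x02\x01" + bytes([msg_id]) + op                   # messageID, then the op
    return b"\x30" + bytes([len(body)]) + body                  # LDAPMessage SEQUENCE

def extended_result_code(reply):
    """Return resultCode from an ExtendedResponse; only short-form lengths are handled."""
    # Layout: 30 len | 02 01 id | 78 len | 0a 01 code | matchedDN | diagnosticMessage
    if len(reply) < 10 or reply[0] != 0x30 or reply[1] & 0x80 or reply[6] & 0x80:
        raise ValueError("not a short-form LDAPMessage")
    if reply[2:4] != b"\x02\x01" or reply[5] != 0x78 or reply[7:9] != b"\x0a\x01":
        raise ValueError("not an ExtendedResponse")
    return reply[9]

def check_secure_ldap(host, mode, ca_pem, timeout=5):
    """Connect in the chosen mode and return the negotiated TLS version string.

    mode is "ldaps" (TLS from the first byte, port 636) or "starttls"
    (plain LDAP on port 389, upgraded in place). ca_pem is the .pem CA file.
    """
    # With cafile set, only that CA is trusted; chain and hostname are both checked.
    ctx = ssl.create_default_context(cafile=ca_pem)
    port = {"ldaps": 636, "starttls": 389}[mode]
    with socket.create_connection((host, port), timeout=timeout) as raw:
        if mode == "starttls":
            raw.sendall(starttls_request())
            code = extended_result_code(raw.recv(4096))
            if code != 0:
                raise RuntimeError(f"server refused StartTLS, resultCode={code}")
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.version()
```

A call such as check_secure_ldap("ldap.example.com", "starttls", "ca.pem") (hostname and file name are placeholders) raises ssl.SSLCertVerificationError when the server certificate does not verify against the supplied file, and RuntimeError when the server rejects StartTLS.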