Using SSL with an LDAP directory service
Note: The following information is for server administrators.
If your organization uses an LDAP directory service, you can enable Use Secure Sockets Layer (SSL) in the Database Server > Directory Service tab to encrypt the user names and passwords that FileMaker Server and FileMaker Pro clients use to log in to the LDAP server. See FileMaker clients settings.
Requirements to use SSL with an LDAP service for FileMaker Server and FileMaker Pro clients:
In each FileMaker Pro client, Use Secure Sockets Layer (SSL) in the Specify LDAP Directory Service dialog box must be enabled. See FileMaker Pro Help.
Windows: The LDAP server must have Active Directory certificate services (AD CS) installed if using the LDAP server as the certificate authority (CA). See the documentation on Active Directory.
macOS: SSL must be enabled in Open Directory. See the documentation for Open Directory.
You cannot use self-signed certificates for a secure SSL connection to an LDAP server. Signed server certificates and client certificates issued by a trusted CA are required. The server certificate must be installed on the machine where the LDAP server is running. The client certificate must be installed on the FileMaker Server master machine and on FileMaker Pro and FileMaker Go computers that are using SSL to connect to the LDAP service.
To install the client root CA certificate on a Windows computer:
Set a policy on the Domain Controller to automatically install the client certificates on the client computers.
For information on enabling LDAP over SSL with a third-party external certification authority, see Microsoft’s information on Active Directory.
To install the client root CA certificate on a macOS computer:
The client certificate must be in Privacy Enhanced Mail (PEM) format.
1. Save the client certificate on the desktop (for example, as “name1.name2.local”).
2. Open the Terminal application and type the following command; substitute the filename of your SSL certificate for “name1.name2.local” in the command:
sudo cp ~/Desktop/name1.name2.local /etc/openldap/name1.name2.local
3. Open the ldap.conf file in an editor by typing the following command:
sudo vi /etc/openldap/ldap.conf
4. Add the following entry to the ldap.conf file; substitute the filename of your SSL certificate for “name1.name2.local” in the entry:
TLS_CACERT /etc/openldap/name1.name2.local
5. Save the ldap.conf file and then exit the editor.
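The macOS steps above can also be scripted so that the TLS_CACERT entry is set once and never duplicated. The following is an added example, not part of the original FileMaker documentation; the function names are hypothetical, and the PEM check only looks for the certificate markers (it does not validate the certificate chain). Run it as root when the target is /etc/openldap/ldap.conf.

```shell
#!/bin/sh
# Added example: scripted form of the ldap.conf edit (function names are hypothetical).
# Usage: sudo sh set_cacert.sh /etc/openldap/ldap.conf /etc/openldap/name1.name2.local

# Return 0 only if the file contains a PEM certificate block (a DER file fails here).
is_pem_cert() {
    grep -q -- '-----BEGIN CERTIFICATE-----' "$1" 2>/dev/null &&
    grep -q -- '-----END CERTIFICATE-----' "$1" 2>/dev/null
}

# Point TLS_CACERT in an ldap.conf-style file at the given certificate.
# Existing TLS_CACERT lines are replaced (option names are case-insensitive),
# so running this twice still leaves exactly one entry. TLS_CACERTDIR is untouched.
set_tls_cacert() {
    conf=$1
    cert=$2
    is_pem_cert "$cert" || { echo "not a PEM certificate: $cert" >&2; return 1; }
    tmp=$(mktemp) || return 1
    if [ -f "$conf" ]; then
        # grep exits 1 when no other lines remain; that is not an error here.
        grep -v -i -E '^[[:space:]]*TLS_CACERT[[:space:]]' "$conf" > "$tmp" || true
    fi
    printf 'TLS_CACERT %s\n' "$cert" >> "$tmp"
    # Write through the existing file so its ownership and mode are kept.
    cat "$tmp" > "$conf" && rm -f "$tmp"
}

# Print the certificate path currently configured, for a check after editing.
current_tls_cacert() {
    awk 'toupper($1) == "TLS_CACERT" { print $2 }' "$1"
}

if [ "$#" -eq 2 ]; then
    set_tls_cacert "$1" "$2" && current_tls_cacert "$1"
fi
```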
Notes
If FileMaker Server or FileMaker Pro is configured to log in to the LDAP server securely using SSL, only a secure SSL login will be attempted. If FileMaker Server or FileMaker Pro cannot log in to the LDAP server securely using SSL, an insecure login will not be attempted.