An extension to OpenLDAP that allows OpenVMS users to extend single sign-on procedures to include OpenVMS hosts and manage user accounts in a centralized directory.
ACME LDAP for VSI OpenVMS combines the Lightweight Directory Access Protocol (LDAP) with the VSI OpenVMS Authentication and Credentials Management Extension (ACME) authentication mechanism to provide a solution that allows VSI OpenVMS customers to extend single sign-on procedures to include OpenVMS hosts and manage user accounts in a centralized directory.
The ACME LDAP agent for VSI OpenVMS provides "simple bind" authentication during login using an LDAP-compliant directory server, such as a Microsoft Active Directory domain controller or an OpenLDAP server. In this authentication method, users enter the user ID and password of their LDAP directory account when accessing the OpenVMS host.
After successful authentication, the external user ID is mapped to the appropriate OpenVMS username and the correct user profile is obtained.
The ACME LDAP agent supports logins from multiple user domains and provides multiple mechanisms to map domain usernames to OpenVMS usernames.
Secure Sockets Layer (SSL)/Transport Layer Security (TLS) LDAP communication is supported to prevent user IDs and clear-text passwords from being exposed over the network.
For more information about the ACME server and agents, particularly if you plan to use external authentication with DECnet applications on systems running DECnet-Plus, see the section “Enabling External Authentication” in the VSI OpenVMS Guide to System Security.
- VSI OpenVMS I64 or Alpha version 8.4-2L1 or higher.
- VSI TCP/IP Services for OpenVMS, HP TCP/IP Services for OpenVMS, or MultiNet TCP/IP. However, SSH logins using external authentication are supported only on hosts running HP TCP/IP Services for OpenVMS.
- The SYS$ACM-enabled (ACMELOGIN) LOGINOUT.EXE and SETP0.EXE images must be in place. For more information, see Post-Installation Tasks.
- VSI OpenLDAP 2.4.53 or later.
- VSI OpenSSL111 1.1.1g or later. SSL/TLS support is dynamically linked into OpenLDAP for OpenVMS and requires OpenSSL 1.1.1g or later.
- In addition, the reader should be familiar with the configuration and use of Microsoft Active Directory, OpenLDAP Server, or another third-party LDAP server in a Windows or Linux environment.
- An account on the LDAP directory server for the ACME LDAP agent to bind to and search the directory.
- In order to use SSL, TLS, or STARTTLS for the LDAP exchange encryption, the target LDAP directory servers must possess a digital certificate with the purpose of Server Authentication.
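
The certificate requirement in the last item can be checked before enabling SSL/TLS. The following is an added example, not part of the VSI documentation: a POSIX shell check that a PEM certificate is accepted by OpenSSL for the Server Authentication purpose. It assumes an administrative workstation with the `openssl` command-line tool; the function names, file names and the `ldap.example.test` subject are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify that a PEM certificate is usable for TLS server
# authentication, the purpose the LDAP server certificate must have.

# has_server_auth FILE -> exit 0 if OpenSSL accepts the certificate as an
# SSL/TLS server certificate (checks extendedKeyUsage and keyUsage).
has_server_auth() {
    openssl x509 -in "$1" -noout -purpose 2>/dev/null |
        grep -q '^SSL server : Yes'
}

# make_constructed_cert OUT EKU -> throwaway self-signed certificate with the
# given extendedKeyUsage value (constructed sample input, not a real server).
make_constructed_cert() {
    dir=$(dirname "$1")
    cat > "$dir/req.cnf" <<'EOF'
[req]
distinguished_name = dn
prompt = no
[dn]
CN = ldap.example.test
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -config "$dir/req.cnf" -keyout "$dir/key.pem" -out "$1" \
        -addext "extendedKeyUsage=$2" >/dev/null 2>&1
}

# Demo: one certificate marked serverAuth, one marked clientAuth only.
demo() {
    tmp=$(mktemp -d) || return 1
    make_constructed_cert "$tmp/server.pem" serverAuth
    make_constructed_cert "$tmp/client.pem" clientAuth
    for c in server client; do
        if has_server_auth "$tmp/$c.pem"; then
            echo "$c.pem: OK, valid for Server Authentication"
        else
            echo "$c.pem: REJECT, not valid for Server Authentication"
        fi
    done
    rm -rf "$tmp"
}
demo
```

To check a real directory server, export its certificate to a PEM file and pass that file to `has_server_auth`.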
VSI proprietary free product