• Failover LDAP provides greater availability: You can
now specify a list of Security Server-LDAP servers to be
used for storing certificate revocation lists (CRLs). When
certificate validation is being performed, this list will be
used to determine which LDAP server to connect to for
the CRL information.
• Simplified administration with the ability to export
and import certificate chains using PKCS#7 format
files.
defined length of time.
LDAP
z/OS provides industry-standard Lightweight Directory Access
Protocol (LDAP) services supporting thousands of concurrent
clients. Client access to information in multiple directories
is supported with the LDAP protocol. The LDAP server
supports thousands of concurrent clients, increasing the
maximum number of concurrently connected clients by an
order of magnitude.
Enhancements
• Mandatory Authentication Methods (required by IETF
RFC 2829) are supported in z/OS 1.4: The CRAM-MD5
and DIGEST-MD5 authentication methods have been
added. The methods avoid flowing the user’s password
over the connection to the server. The LDAP Server, the
C/C++ APIs, and the utilities are updated with this support.
Interoperability is improved for any applications
that make use of these methods.
• TLS: z/OS LDAP now provides support for TLS (Transport
Layer Security) as defined in IETF RFC 2830 as an
alternative to SSL support. It also provides support, via
an LDAP extended operation, that allows applications to
selectively activate TLS for certain LDAP operations at
the application’s discretion.
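
The CRAM-MD5 exchange named above, as an added example (not IBM code and not the z/OS LDAP API): the server issues a one-time challenge and the client returns an HMAC-MD5 over it keyed by the password, as specified in RFC 2195. The function names and the in-memory secret store are assumptions; the sample values are the worked example from RFC 2195.

```python
import hashlib
import hmac
import os
import time

# Worked example values from RFC 2195, section 2.
RFC_USER = "tim"
RFC_SECRET = b"tanstaaftanstaaf"
RFC_CHALLENGE = b"<1896.697170952@postoffice.reston.mci.net>"

SECRETS = {RFC_USER: RFC_SECRET}  # hypothetical server-side store


def make_challenge(hostname: str) -> bytes:
    """Server: fresh, unpredictable challenge in msg-id form."""
    nonce = int.from_bytes(os.urandom(8), "big")
    return f"<{nonce}.{int(time.time())}@{hostname}>".encode()


def client_response(username: str, password: bytes, challenge: bytes) -> bytes:
    """Client: the password is only the HMAC key; it is never transmitted."""
    digest = hmac.new(password, challenge, hashlib.md5).hexdigest()
    return username.encode() + b" " + digest.encode()


def server_verify(response: bytes, challenge: bytes, secrets=SECRETS) -> bool:
    """Server: recompute the digest from the stored secret, compare in constant time."""
    username, sep, digest = response.rpartition(b" ")
    if not sep or not username:
        return False
    secret = secrets.get(username.decode(errors="replace"))
    if secret is None:
        return False
    expected = hmac.new(secret, challenge, hashlib.md5).hexdigest().encode()
    return hmac.compare_digest(expected, digest)


if __name__ == "__main__":
    resp = client_response(RFC_USER, RFC_SECRET, RFC_CHALLENGE)
    print("on the wire:", resp.decode())
    print("accepted:", server_verify(resp, RFC_CHALLENGE))
    # A captured response is useless against the next challenge.
    print("replay accepted:", server_verify(resp, make_challenge("ldap.example")))
```

The response still allows offline password guessing by anyone who records both the challenge and the response, and the server must hold the shared secret, so these mechanisms are normally run inside the TLS protection described in the second bullet.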