LogoLogo
ProcMan Admin Guide V6.0.0
ProcMan Admin Guide V6.0.0
  • Welcome
  • Release Notes
  • Installation
    • System Requirements
    • Prerequisites
    • Component Overview
    • Before the installation
      • Required authorizations
      • Required persons
      • Preparation of the installation
    • ProcMan Installation Guide
      • DB2 Client Installation and configuration
      • Step 1: Adjust the windows code page
      • Step 2: Installation of HWF (HORIZONT Web Framework)
      • Step 3: Activate the DB2 PHP Extension
      • Step 4: Installation of ProcMan
      • Step 5: Set up HWM (HORIZONT Workflow Manager)
      • Step 6: Setting up the configuration files
        • Initial setup of hos_db_config.php
        • Initial setup of hos_config2.php
        • Environment files
      • Step 7: Check installaton and change admin password
      • Step 8: Web Server configuration
        • ProcMan server certificate
        • Client certification
        • HTTP configuration
      • Encrypted secure LDAP communication
      • Communication with external systems
  • ProcMan Update Guide
  • Installation and customization JCL z/OS part
    • Installation overview
    • Setting up TLS Communication
    • Installation steps on z/OS
    • Update installation steps on z/OS
    • Post Installation tasks and customization at z/OS
    • Administration dialog z/OS
    • JCL Rules syntax and help
    • JCL Examples
      • xxSADUMP
      • xxSJCUST
      • xxSDELD
      • xxSJFCNT
      • xxSJVSFL
  • Administration Dialog
    • General structure
    • Definitions
      • Clients
      • Roles
      • Accounts
        • Accounts list
        • Creating a new account
        • Importing accounts via LDAP
        • Configuring authentication z/OS system
        • Editing an account
        • Changing password
        • Deleting accounts
      • Timezone assignment
      • Role assignment
        • Roles / Users list
        • Users to role assignment
        • Roles to user assignment
      • Calendars
      • Calendar assignment
      • Search areas
      • Actions
      • Global definitions
      • Process definitions
      • Object browser
    • Tools
      • Deleted Processes
      • Automaton
      • Transfer Case
      • Encryption
      • Log Files Administration
      • Benchmark
      • Savepoints
      • Web Server Restart
    • Utilities
      • User information update (hwm_update_accounts)
      • Role assignment (hwm_update_user_roles)
      • Certificate request generation (hwm_cert_request)
      • Export of libraries from archive (hwm_export_zos_library)
      • Report generation (hwm_process_report)
      • Triggering autoexecution of activities (hwm_autoexec)
      • Maintenance of the custom_data table (hwm_custom_data)
      • Benchmark (hwm_benchmark)
    • Rest-API Interface
      • Usage of the RestAPI
        • RestAPI GUI by ProcMan
        • cURL utility
      • REST-API Modules
        • m_environment
        • m_jcl_approve
        • m_jcl_confirm
        • m_jcL_fillforms
        • m_jcl_generate
        • m_jcl_check_parallel
        • m_jcl_select_file_arc
        • m_jcl_select_file_sys
        • m_jcl_change
        • m_tws_adhoc_appl
      • RestAPI Troubleshooting
  • Modules customization
    • Customization JCL Module
      • File Formats
      • Basic configuration
        • hos_config.php
          • debug_screen_enabled
          • debug_files_enabled
          • debug access
          • debug_ml
          • hos_version
        • hos_config2.php
          • base_tmp_dsn
          • duplicate_member
          • environment
            • codepage
            • exclude_delete
            • jcl_dd_forms
            • jcl_osj
            • jcl_result_files
            • jcl_supported_statements
            • target_mirror
            • task
            • temp_dsn_alloc_site
            • tmp_dsn_alloc_site_ps
            • template
            • zos_tech_user
            • template_dsn_cntl
            • base_tmp_dsn
          • file_list_column
          • jobname_format
          • list_limit
          • member_processing_method
          • member_spearator
          • pager
          • passwords
          • ps_transfer
          • reload_environment
          • remove_from_archive_on_delete
          • rot_client_code_page
          • rot_ini_file
          • rot_separator
          • script_access_log_file
          • syntax_highlighter
          • syntax_highlighter_combo
          • system_mapping
          • template_dsn_cntl
          • tmp_dir
          • web_code_page
          • xinfo
          • zos_tech_user
        • hos_db_config.php
        • hos_jcl_config.php
        • hos_sysin_config.php
        • horcclnt.ini
      • Process configuration
      • Dictionary
      • User forms
        • <groups> XML section
        • <group> XML section
        • <item> XML section
          • wai_input
          • wai_select
          • hidden
          • multiline
          • freetext
          • text
        • FORMCONT table
    • Customization IWS ZOS Module
      • IWS Configuration
      • Process configuration
      • Environment configuration
      • IWS Additional Data
        • Configuration of IWS additional data
        • Configuration of structure of IWS additional data
        • Database structure IWS additional data
        • Import & export of IWS additional data
          • Options for tws_addata command line utility
          • Example usage of tws_addata command line utility
      • IWS Rules
        • Input data and output data
        • IWS rules basic configuration
        • IWS rules configuration in process configuration
        • Database structure for IWS rules – lookup table
        • INIT element
        • Processing elements
          • Processing element TEST
          • Processing element PARALLEL_CHECK inside TEST element
          • Processing element CHECK
          • Processing element CHANGE
          • Change Runcycle offsets
          • Processing element INSERT
          • Processing element DELETE
          • Processing element MESSAGE
        • Conditions element COND
        • Conditions element OICOND
        • Substring operation
        • Logging of IWS rules processing
      • IWS ADHOC
        • IWS ADHOC SIMPLE process
        • IWS ADHOC ON DEMAND process
        • IWS ADHOC ONE TIME process
        • Settings for creation and update of JCL scripts
      • IWS CP
        • Modifying operations in current plan
          • Configuring JCL edit task for CP operation
      • IWS Object Browser
      • Automatic Activities
      • Customizing IWS Processes
        • Customizing process messages
        • Customizing list of AD applications
          • Customizing the selection criteria using app_sec
          • Customizing the AD list result using tws_sec
        • Customizing picker lists
          • Customize picker lists using app_sec
          • Configuring picker list using tws rules lookup
        • Customizing parallel IWS application modifications
        • Customizing technical user for z/OS
        • Customizing IWS systems with process definition parameter
    • Customization Control-M Module
      • Prerequisites
      • Installation
      • Configuration
        • Configuration files
        • Actions
        • Process and object parameter definitions
      • Examples
        • Configuration of the communication with Control-M
        • Call configuration file
        • Rules configuration file
        • Actions
        • Process
        • Object Browser
      • Automatic Activities
      • Starting Activities Via Rest API
    • Customization Universal Object Module
      • Configuration
        • Configuration files
          • hos_docu_config.php
          • hos_docu_call_config.php
        • Actions
          • Activity actions
          • Report action
          • Cleanup action
          • Object Browser action
        • Process and object parameter definitions
      • Example
        • Configuration file
        • Actions
        • Process
        • Object Browser
      • Automatic Activites
      • Starting Activities Via Rest API
        • Request
        • Response
        • Automatic activities
  • JCL Rules
    • Introduction
    • Basics
      • Comments
      • Variables
      • Data Types
      • Operators
      • Functions
      • Rules
      • Expressions
      • Conditions
      • Loops
      • Includes
    • Examples
    • Keywords
    • Statements
    • Functions
      • Debugging
      • Date & Time
      • Forms
      • Lists
      • ProcMan Objects
      • Process Information
      • SmartJCL Objects
      • Strings
      • Variables
      • Other
      • Testing
      • XML
    • Predefined Constants
  • FAQs, Tipps & Tricks, etc
    • ProcMan Tipps & Tricks
      • HWM
      • APP_SEC
      • Useful php functions
Powered by GitBook
On this page
Export as PDF
  1. Installation
  2. ProcMan Installation Guide

Encrypted secure LDAP communication

PreviousHTTP configurationNextCommunication with external systems

Last updated 1 month ago

If the user login shall work via encrypted secure LDAP communication (LDAPS), there have to be set some system environment variables to configure the LDAPS communication and after that the Web Server has to be restarted (e.g. in Windows’s Services dialog restart the HORIZONT HTTP Server service). On Unix/Linux the setting of the system variables works as well, but the preferred way is to set appropriate options in the ldap.conf file (see the description for this later in this chapter).

The most important environment variables which take effect on the secure LDAP communication are LDAPTLS_REQCERT, LDAPTLS_CACERT, LDAPTLS_CERT and LDAPTLS_KEY. If there are also other settings required by a particular installation please refer to and search for ldap.conf for more information.

No server certificate verification required

If server certificate verification by the client is not required, set the environment variable LDAPTLS_REQCERT=never

Server certificate verification required

If server certificate verification by the client is required, copy the certificate of the server certificate’s authority provided by the customer to a file on the ProcMan server (e.g. C:\Programs\HORIZONT\ldap\server_ca.crt). If the server certificate has been issued using an intermediate authority certificate, which self has been signed by a parent authority certificate, copy all the chain of the intermediate authority certificate and all its ancestor authority certificates in arbitrary order in a single file on the ProcMan server.

Set the environment variables LDAPTLS_REQCERT=try and LDAPTLS_CACERT=<file>, where <file> is the file with its absolute path containing the certificate of the server certificate’s authority (or chain of authority certificates) previously copied to the ProcMan server.

Client certificate verification required

Beside the server certificate verification by the client, also client certificate verification by the server can be required for the secure LDAP communication in some installations. In this case a client certificate file and its private key file provided by the customer and issued by an authority known to the server has to be copied to files on the ProcMan server (e.g. C:\Programs\HORIZONT\ldap\client.crt and C:\Programs\HORIZONT\ldap\client.key). Beware that the key file has to be protected to avoid its misuse.

Set the environment variables LDAPTLS_CERT=<cert_file> and LDAPTLS_KEY=<key_file>, where <cert_file> is the client certificate file and <key_file> is the private key file, with their absolute paths, previously copied to the ProcMan server.

On Unix/Linux the preferred way is to set appropriate options in the ldap.conf file, rather than use the system variables. In a HWF installation the ldap.conf file is placed in /opt/horizont/hwf/etc/ldap.conf. The configuration options corresponding to the system variables described above are TLS_REQCERT, TLS_CACERT, TLS_CERT and TLS_KEY. The required options can be added by editing the ldap.conf file.

Example (ldap.conf):

TLS_REQCERT try
TLS_CACERT /opt/horizont/my_company_ca.crt
http://www.openldap.org/software/man.cgi