LDAPHostNameInCertificate
- Last Updated: October 15, 2025
- DataDirect Connectors
- JDBC
- Oracle Database 6.0
- Documentation
Purpose
Specifies a host name for certificate validation when TLS/SSL encryption is
enabled for connections to the LDAP server (LDAPEncryptionMethod=SSL) and validation is enabled
(LDAPValidateServerCertificate=true). This property is optional and
provides additional security against man-in-the-middle (MITM) attacks by ensuring that the
LDAP server the driver is connecting to is the server that was requested.
Valid values
ldap_host_name | #SERVERNAME#
where:
- ldap_host_name is a valid host name for an LDAP server.
Behavior
If ldap_host_name is specified, the driver compares the specified host name to the DNSName value of the SubjectAlternativeName in the certificate. If the certificate does not have a SubjectAlternativeName, the driver compares the host name with the Common Name (CN) part of the certificate. If the values do not match, the connection fails and the driver throws an exception.
If #SERVERNAME# is specified, the driver
compares the server name that is specified in the connection URL or data source of the
connection to the DNSName value of the SubjectAlternativeName in the certificate. If the
certificate does not have a SubjectAlternativeName, the driver compares the host name to the
CN part of the certificate’s Subject name. If the values do not match, the connection fails
and the driver throws an exception. If multiple CN parts are present, the driver validates
the host name against each CN part. If any one validation succeeds, a connection is
established.
Notes
- If TLS/SSL encryption or certificate validation is not enabled, this property is ignored.
- If TLS/SSL encryption and validation are enabled and this property is unspecified, the driver uses the server name that is specified in the connection URL or data source of the connection to validate the certificate.
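The name resolution and matching order described under Behavior and Notes, as an added Java example that is not the driver's own code. Assumptions: the class and method names are hypothetical, names are compared as exact case-insensitive strings (the page does not describe wildcard handling), and the sample names in main are constructed.

```java
import java.security.cert.CertificateParsingException;
import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import javax.naming.InvalidNameException;
import javax.naming.ldap.LdapName;
import javax.naming.ldap.Rdn;

public class LdapCertNameCheck {
    // Name to validate: the property value, or the server name from the connection URL or
    // data source when the property is "#SERVERNAME#" or left at its empty-string default.
    static String expectedName(String propertyValue, String urlServerName) {
        if (propertyValue == null || propertyValue.isEmpty() || propertyValue.equals("#SERVERNAME#")) {
            return urlServerName;
        }
        return propertyValue;
    }
    // DNSName entries (GeneralName type 2) of the SubjectAlternativeName; null when there is no SAN.
    static List<String> sanDnsNames(X509Certificate cert) throws CertificateParsingException {
        Collection<List<?>> sans = cert.getSubjectAlternativeNames();
        if (sans == null) return null;
        List<String> dns = new ArrayList<>();
        for (List<?> entry : sans) {
            if (((Integer) entry.get(0)) == 2) dns.add((String) entry.get(1));
        }
        return dns;
    }
    // SAN DNSName values are checked first. The CN parts of the subject are consulted only
    // when the certificate has no SAN, and a match on any one CN part is enough.
    static boolean matches(String expected, List<String> sanDns, String subjectDn) throws InvalidNameException {
        if (sanDns != null) {
            return sanDns.stream().anyMatch(expected::equalsIgnoreCase);
        }
        for (Rdn rdn : new LdapName(subjectDn).getRdns()) {
            if (rdn.getType().equalsIgnoreCase("CN") && expected.equalsIgnoreCase(rdn.getValue().toString())) {
                return true;
            }
        }
        return false;
    }
    public static void main(String[] args) throws Exception {
        // Constructed sample names, not taken from a real certificate.
        String expected = expectedName("#SERVERNAME#", "ldap1.example.com");
        System.out.println(matches(expected, List.of("ldap1.example.com"), "CN=other.example.com"));
        System.out.println(matches(expected, null, "CN=ldap1.example.com,CN=alias.example.com,O=Example"));
        System.out.println(matches(expected, List.of("ldap2.example.com"), "CN=ldap1.example.com"));
    }
}
```

With a real certificate, pass `sanDnsNames(cert)` and `cert.getSubjectX500Principal().getName()` to `matches`. The third call shows why a matching CN does not help when a SAN is present and names a different host.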
Data source method
setLDAPHostNameInCertificate
Default
empty string
Data type
String