Purpose

Determines whether the driver validates the certificate sent by the server when TLS/SSL encryption is enabled for connections to the LDAP server (LDAPEncryptionMethod=SSL). When TLS/SSL encryption is used, the server's certificate must be issued by a trusted Certificate Authority (CA). Allowing the driver to trust any certificate, even if it is not issued by a trusted CA, can be useful in test environments, as it eliminates the need to configure truststore information on each client.

Valid values

true | false

Behavior

If set to true, the driver validates the certificate that is sent by the LDAP server. Any certificate from the server must be issued by a trusted CA in the truststore file. If the LDAPHostNameInCertificate property is specified, the driver also validates the certificate against the specified host name. The LDAPHostNameInCertificate property is optional and provides additional security against man-in-the-middle (MITM) attacks by ensuring that the server the driver is connecting to is the server that was requested.

If set to false, the driver does not validate the certificate that is sent by the LDAP server, so the connection is encrypted but the identity of the server is not verified. The driver ignores any truststore information that is specified by the LDAPTrustStore and LDAPTrustStorePassword properties or Java system properties.

Truststore information is specified using the LDAPTrustStore and LDAPTrustStorePassword properties or by using Java system properties.
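
The behavior described above can be checked across stored connection settings. The following Python check is an added example, not code from the driver or its documentation; it assumes properties are written as semicolon-separated name=value pairs with case-insensitive names and values, and the sample strings, paths, and host name are constructed.

```python
# Added example: audit connection-property strings for the LDAP certificate
# validation settings described above. The "Name=value;Name=value" layout and
# case-insensitive matching are assumptions; the samples are constructed.

def parse_properties(conn_string):
    """Split 'Name=value;Name=value' into a dict keyed by lower-cased name."""
    props = {}
    for part in conn_string.split(";"):
        name, sep, value = part.partition("=")
        if sep and name.strip():
            props[name.strip().lower()] = value.strip()
    return props


def audit_ldap_tls(conn_string):
    """Return a list of findings for one connection string."""
    props = parse_properties(conn_string)
    findings = []
    # The property only applies when LDAPEncryptionMethod=SSL.
    if props.get("ldapencryptionmethod", "").lower() != "ssl":
        return findings
    # The default is true, so only an explicit "false" disables validation.
    validate = props.get("ldapvalidateservercertificate", "true").lower() != "false"
    if not validate:
        findings.append("LDAPValidateServerCertificate=false: server certificate is not validated")
        # With validation off, the driver ignores truststore settings.
        ignored = [n for n in ("LDAPTrustStore", "LDAPTrustStorePassword") if n.lower() in props]
        if ignored:
            findings.append("ignored while validation is off: " + ", ".join(ignored))
    elif "ldaphostnameincertificate" not in props:
        findings.append("LDAPHostNameInCertificate not set: no host name check")
    return findings


# Constructed sample settings (not taken from any real deployment).
SAMPLES = {
    "test": "LDAPEncryptionMethod=SSL;LDAPValidateServerCertificate=false;LDAPTrustStore=/opt/app/ldap.jks",
    "prod": "LDAPEncryptionMethod=SSL;LDAPTrustStore=/opt/app/ldap.jks;LDAPHostNameInCertificate=ldap.example.com",
    "partial": "LDAPEncryptionMethod=SSL;LDAPValidateServerCertificate=true",
}

if __name__ == "__main__":
    for name, settings in SAMPLES.items():
        print(name, audit_ldap_tls(settings) or "ok")
```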

Data source method

setLDAPValidateServerCertificate

Default

true

Data type

boolean