ICAO Download LDAP Configuration

The ICAO Download LDAP page allows Administrators to configure the connection to ICAO Download PKD.

This following example page displays configuration values for the NPKD development environment connecting to the ICAO Preproduction Download PKD.

  • TLS Truststore: The full path of the truststore file that is going to contain the CA certificate chains will be trusted.
  • TLS Truststore Type: The type of truststore. If set to "PKCS12" or "JKS", the truststore will be loaded from file specified with the TLS Truststore field.
  • TLS Truststore Password: The password to be used for opening protected truststore file specified with the TLS Truststore field.
  • TLS Keystore Type: The type of the keystore. If set to "PKCS12" or "JKS", keystore will be loaded from file specified with the property TLS Keystore or PKCS11 Shared Library File. If set to "PKCS11", the keys stored in the HSM configured with the property TLS Keystore or PKCS11 Shared Library File are used.
  • TLS Keystore or PKCS11 Shared Library File: The full path of the keystore file to be used as client for establishing TLS to ICAO Download LDAP or the path to the shared library file (.so file) specific for the installed HSM, or a SUN configuration file.
  • TLS Keystore Password or Hard Token Pin: The password to be used for opening the protected keystore file, or the pin to be used for the keys stored on the HSM.
  • PKCS11 Shared Library File: The path to the shared library file (.so file) specific for the installed HSM, or a SUN configuration file.
  • PKCS11 Slot Label Type: The method used to identify the HSM's slot containing the key to be used, or "SUN Configuration File" if a SUN configuration file is specified in the TLS Keystore or PKCS11 Shared Library File. Used only if TLS Keystore type is set to "PKCS11".
  • PKCS11 Slot Label Value: The HSM's slot containing the key to be used.
  • PKCS11 Key Alias
  • Primary Host: The primary host of ICAO Download LDAP
  • Secondary Host: The secondary host of ICAO Download LDAP. Used only if the host specified with the Primary Host field is failing.
  • Port: The port of ICAO Download LDAP. The same value is used for both Primary Host and Secondary Host.
  • Bind MechanismThe LDAP binding mechanism to be used for connection to ICAO Download LDAP. Can be "EXTERNAL" or "SIMPLE". If set to "SIMPLE", the binding will use values specified as the Bind DN and Bind Password. The ICAO Download currently supports both bindings "EXTERNAL" and "SIMPLE".
  • Bind DN: The Bind DN to be used for LDAP binding if Bind Mechanism is set to "SIMPLE".
  • Bind Password: The password to be used for LDAP binding if Bind Mechanism is set to "SIMPLE".

The following advanced options are displayed by selecting Advanced button. The values represent the DN values standardized by the ICAO PKD specification and it is thus not recommended to edit these values:

  • Local PKD version: The highest PKD version of PKD objects imported from ICAO. This value can be updated automatically by the Scheduler
  • Download Base DN: The base DN with the default value "dc=data,dc=download,dc=pkd,dc=icao,dc=int".
  • Download Master List DN: The download master list DN with the default value "o=ml,c=<c>,dc=data,dc=download,dc=pkd,dc=icao,dc=int".
  • Download Deviation List DN: The download deviation list DN with the default value "o=ml,c=<c>,dc=data,dc=download,dc=pkd,dc=icao,dc=int".
  • Download DS Certificate DN: The download certificate DN with the default value "o=dsc,c=<c>,dc=data,dc=download,dc=pkd,dc=icao,dc=int".
  • Download CRL DN: The download CRL DN with the default value "o=crl,c=<c>,dc=data,dc=download,dc=pkd,dc=icao,dc=int".
  • The base DN for non-conformant data with the default value "dc=nc-data,dc=download,dc=pkd,dc=icao,dc=int".
  • The download master list DN for non-conformant data with the default value "o=ml,c=<c>,dc=nc-data,dc=download,dc=pkd,dc=icao,dc=int".
  • The download deviation list DN for non-conformant data with the default value "o=ml,c=<c>,dc=nc-data,dc=download,dc=pkd,dc=icao,dc=int".
  • The download certificate DN for non-conformant data with the default value "o=dsc,c=<c>,dc=nc-data,dc=download,dc=pkd,dc=icao,dc=int".
  • The download CRL DN for non-conformant data with the default value "o=crl,c=<c>,dc=nc-data,dc=download,dc=pkd,dc=icao,dc=int".
  • Dowload Registry DN: The download registry DN with the default value "o=<o>,c=<c>,dc=data,dc=download,dc=pkd,dc=icao,dc=int".
  • If checked, NPKD will use paging LDAP control when downloading objects from ICAO. Otherwise, all entries will be downloaded in one try
  • If LDAP paging control is enabled, this value will be used for page size. Otherwise, this value is not used

Click Save to save all configuration options on the page.

To test the configured connection, click Save and Test Connection. The connection and binding are then tested against the ICAO Download LDAP when the configuration options are stored.

When connection to the actual ICAO (Production or Staging), the default LDAP DNs work fine