Local LDAP Server Configuration

NPKD allows specifying several Local LDAP servers. The connection parameters for these server are specified in a Local LDAP Alias. You can add, edit, rename, clone, or delete any alias except for the Default alias that can be disabled, but can not be deleted or renamed.

When publishing (or publishing) objects to Local LDAP, NPKD will publish the objects to all enabled servers according to the settings in each alias.

Note that in NPKD version 1.2, only the Default alias will be used and published to. Support for using all configured aliases is added in subsequent releases.

Local LDAP Alias Operations

  • Edit: To edit a Local LDAP configuration, click the alias. A window for editing the alias is displayed.
  • Add: To add a new Local LDAP alias, enter the new alias in the field New Alias for Addition, Renaming and Cloning and click Add. The new alias is added to the list of aliases.
  • Clone: To copy all configurations of an existing Local LDAP alias to a new alias, enter the new alias in the New Alias for Addition, Renaming and Cloning field and click Clone next to the alias you want to copy the content from. The new alias will be added to the list of aliases.
  • Rename: To rename an existing Local LDAP alias, enter the new alias in the New Alias for Addition, Renaming and Cloning field and click Rename next to the alias you want to rename. The alias is changed in the alias list .
  • Delete: To delete a Local LDAP alias, click Delete next to the alias you want to delete.

Editing a Local LDAP Alias

The following configuration is available for editing a Local LDAP Alias.


  • Enable Local LDAP: If checked, Local LDAP is enabled and will be used during all (un)publishing and sync operations. Otherwise, it will be ignored alongside the configuration options below.
  • TLS Truststore Type: Truststore type for TLS authentication with Local LDAP. It can be either JKS (for *.jks files) or P12 (for *.p12 files).
  • TLS Truststore: The path to the java keystore file containing the TrustStore used when communicating with Local LDAP.
  • TLS Truststore Password: Password to access the truststore.
  • TLS Keystore Type: The type of the keystore. If set to "PKCS12" or "JKS", keystore will be loaded from file specified with the property TLS Keystore or PKCS11 Shared Library File. If set to "PKCS11", the keys stored in the HSM configured with the property TLS Keystore or PKCS11 Shared Library File is used.
  • TLS Keystore or PKCS11 Shared Library File: The full path of keystore file that is going to be used as client for establishing TLS to Local LDAP or the path to the shared library file (.so file) specific for the installed HSM; or a SUN configuration file.
  • TLS Keystore Password or Hard Token Pin: The password to be used for opening the protected keystore file, or the pin to be used for the keys stored on HSM.
  • PKCS11 Slot Label Type: The method used to identify the HSM's slot containing the key to be uses, or "SUN Configuration File" if a SUN configuration file is specified in the TLS Keystore or PKCS11 Shared Library File. Used only if TLS Keystore type is set to "PKCS11".
  • PKCS11 Slot Label Value: The HSM's slot containing the key to be used. Used only if TLS Keystore type is set to "PKCS11".
  • PKCS11 Key Alias: The alias of the key used for TLS authentication. Used only if TLS Keystore type is set to "PKCS11".
  • Publish Primary Host: Hostname of the primary Local LDAP server.
  • Publish Secondary Host: Hostname of the secondary Local LDAP server. If the connection to the primary Local LDAP server fails, NPKD will try with the secondary.
  • Publish Port: Port of the primary and secondary Local LDAP server.
  • Publish Bind DN: Bind DN in case of SIMPLE binding.
  • Publish Bind Password: Password in case of SIMPLE binding.
  • Publish Bind Mechanism: Bind mechanism.
  • Publish Master List DN: Master List DN template where should be published on Local LDAP.
  • Publish Deviation List DN: Deviation List DN template where should be published on Local LDAP.
  • Publish CSCA Certificate DN: CSCA certificate DN template where should be published on Local LDAP.
  • Publish DS Certificate DN: DS certificate DN template where should be published on Local LDAP.
  • Publish CRL DN: CRL DN template where should be published on Local LDAP.
  • Publish Base DN: Base DN template where should be published on Local LDAP.

Click Save and Test Connection to verify the new settings after storing them by establishing a TLS connection to the LDAP server.