How to enable LDAP with SSL in UCS
Summary: How to enable LDAP with SSL in UCS.
Instructions
- First, confirm that your standard LDAP configuration is currently working.
- LDAP over SSL uses STARTTLS; ports 636 and 389 will need to be open on the LDAP server.
- Create a trusted point containing the certificate of the root certificate authority (CA) of the LDAP server in Cisco UCS Manager.
  - In UCSM go to Admin, Key Management, Trusted Points.
  - Click Add.
  - Give the new TP a name and paste in the certificate chain. You will need to obtain this from your LDAP/AD administrator.
  - NOTE: The subject field in the certificate should be the hostname of the LDAP server. Make sure the hostname configured in UCSM matches the hostname present in the certificate and is valid.
  - The certificate chain is the certificate information for the trusted point. It is a concatenation of the certification chain, starting with the Intermediate Certificates, then the Root Certificate, in a top-down order. Copy the entire contents of the Base64 encoded X.509 (CER) file, from -----BEGIN CERTIFICATE----- to -----END CERTIFICATE-----; the next certificate, again from -----BEGIN CERTIFICATE----- to -----END CERTIFICATE-----, should follow immediately on the next line.
    E.g.:
        -----BEGIN CERTIFICATE-----
        <Intermediate Certificate Contents>
        -----END CERTIFICATE-----
        -----BEGIN CERTIFICATE-----
        <Intermediate + 1 Certificate Contents>
        -----END CERTIFICATE-----
        -----BEGIN CERTIFICATE-----
        <Root Certification Authority Certificate Contents>
        -----END CERTIFICATE-----
- Configure the LDAP provider with SSL.
  - In UCSM go to Admin, User Management, Authentication.
  - Change the authentication realm for the domain to Local.
  - Go to LDAP, LDAP Providers.
  - Select your existing working LDAP provider.
  - Make sure the LDAP server hostname is set in properties, not the IP address of the LDAP server.
  - Tick the box to Enable SSL.
  - Go back to Authentication and change the domain authentication realm back to LDAP.
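The chain order described for the trusted point above (intermediates first, root last) can be checked before the chain is pasted into UCSM. The following Python is an added example, not part of the original article or of any Cisco or Dell tooling; it compares issuer and subject names only and does not verify signatures. The helpers `tlv` and `sample_pem` are hypothetical and only build constructed stand-in certificates so the check runs offline.

```python
import base64
import re

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def read_tlv(buf, pos):
    """Read one DER element at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the count of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def issuer_subject(cert_der):
    """Return the raw DER (issuer, subject) Name fields of one X.509 certificate."""
    _, pos, _ = read_tlv(cert_der, 0)    # outer Certificate SEQUENCE
    _, pos, _ = read_tlv(cert_der, pos)  # tbsCertificate SEQUENCE
    fields = []
    while len(fields) < 5:               # serial, sigAlg, issuer, validity, subject
        tag, _, end = read_tlv(cert_der, pos)
        if tag != 0xA0:                  # skip the optional [0] version wrapper
            fields.append(cert_der[pos:end])
        pos = end
    return fields[2], fields[4]

def check_chain(pem_text):
    """List ordering problems (name chaining only, signatures not verified); empty = order OK."""
    names = [issuer_subject(base64.b64decode("".join(b.split()))) for b in PEM_RE.findall(pem_text)]
    if not names:
        return ["no certificates found"]
    problems = [f"certificate {i + 1} is not issued by certificate {i + 2}"
                for i in range(len(names) - 1) if names[i][0] != names[i + 1][1]]
    if names[-1][0] != names[-1][1]:     # a root's issuer equals its own subject
        problems.append("last certificate is not a self-issued root")
    return problems

def tlv(tag, body):  # DER-encode one element; only used to build the sample below
    n = len(body)
    size = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag]) + (bytes([n]) if n < 128 else bytes([0x80 | len(size)]) + size) + body

def sample_pem(issuer, subject):
    """Constructed stand-in certificate: only the fields the parser reads, no key or signature."""
    name = lambda cn: tlv(0x30, tlv(0x31, tlv(0x30, b"\x06\x03\x55\x04\x03" + tlv(0x0C, cn.encode()))))
    tbs = tlv(0x30, b"\xa0\x03\x02\x01\x02\x02\x01\x01\x30\x00" + name(issuer) + b"\x30\x00" + name(subject))
    return "-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(tlv(0x30, tbs)).decode() + "-----END CERTIFICATE-----\n"

if __name__ == "__main__":
    root, inter = sample_pem("Root CA", "Root CA"), sample_pem("Root CA", "Issuing CA")
    print(check_chain(inter + root), check_chain(root + inter))
```

To check a real chain, pass the text obtained from the LDAP/AD administrator to `check_chain`; an empty list means the order matches the one described above.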
Affected Products
Servers
Article Properties
Article Number: 000204580
Article Type: How To
Last Modified: 15 Nov 2022
Version: 2