How to enable LDAP with SSL in UCS
Summary: How to enable LDAP with SSL in UCS.
This article is not tied to any specific product.
Not all product versions are identified in this article.
Instructions
- First confirm that your existing (unencrypted) LDAP configuration is working correctly; fix that before adding SSL so that any new failure can be attributed to the certificate setup.
- In UCS Manager, LDAP over SSL is negotiated with STARTTLS on the standard LDAP port rather than on a separate port, so TCP ports 389 and 636 both need to be reachable on the LDAP server from the fabric interconnects.
- Create a trusted point containing the certificate of the root certificate authority (CA) of the LDAP server in Cisco UCS Manager.
- In UCSM go to Admin, Key Management, Trusted Points.
- Click Add.
- Give the new trusted point a name and paste in the certificate chain. Obtain the chain from your LDAP/AD administrator.
- NOTE: UCSM validates the LDAP server's certificate against the hostname it is configured with, so the subject field (CN) of the server certificate should be the hostname of the LDAP server. Make sure the hostname configured in UCSM matches the hostname in the certificate exactly and resolves correctly from UCSM.
- The certificate chain is the certificate information for the trusted point: the concatenated certification chain, starting with the intermediate certificate(s) and ending with the root certificate, in top-down order. Only CA certificates are included, not the LDAP server's own certificate. Copy the entire contents of each Base64-encoded X.509 (CER) file, from -----BEGIN CERTIFICATE----- to -----END CERTIFICATE-----, and place the next certificate immediately on the following line, again from -----BEGIN CERTIFICATE----- to -----END CERTIFICATE-----.
E.g.:
-----BEGIN CERTIFICATE-----
<Intermediate Certificate Contents>
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
<Intermediate + 1 Certificate Contents>
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
<Root Certification Authority Certificate Contents>
-----END CERTIFICATE-----
- Configure LDAP provider with SSL
- In UCSM go to Admin, User Management, Authentication.
- Change the authentication realm for the domain to Local so that the LDAP provider can be edited without locking you out while it is being changed. Keep your current administrator session open until LDAP logins are confirmed to work again.
- Go to LDAP, LDAP Providers.
- Select your existing, working LDAP provider.
- Make sure the LDAP server is entered by hostname in the provider properties, matching the hostname in the certificate, not by the IP address of the LDAP server; a certificate issued to a hostname will not validate against an IP address.
- Tick the box to Enable SSL.
- Go back to Authentication, change the domain authentication realm back to LDAP, and verify that an LDAP user can log in before closing your local session.
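Before pasting the chain and switching the realm back, it is worth checking offline that the chain you were given is complete, is ordered as described above, and that the LDAP server certificate actually matches the hostname you will enter in UCSM. The following shell script is an added example and is not part of this article or of Cisco UCS Manager; it assumes OpenSSL 1.1.1 or newer on the admin workstation, and the hostname ldap01.example.com, the file names and the throw-away test PKI it builds are constructed for illustration only.

```shell
#!/bin/sh
# Added example, not part of the Dell/Cisco article: prepare and sanity-check
# the certificate chain for a UCS Manager Trusted Point before pasting it.
# Assumes OpenSSL 1.1.1 or newer. All hostnames, paths and the test PKI
# generated below are constructed for illustration.

# Dump the chain the LDAP server actually presents, negotiating STARTTLS on
# port 389 the way UCS Manager does. Needs network access to the server, so
# it is not exercised by the offline demo below.
fetch_ldap_chain() {
  openssl s_client -starttls ldap -connect "$1:389" -servername "$1" \
    -showcerts </dev/null 2>/dev/null
}

# Keep only PEM certificate blocks (BEGIN ... END) from a file or s_client dump.
extract_pem_certs() {
  sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' "$@"
}

# Emit the Trusted Point chain in the order UCSM expects: intermediates first
# (the one that issued the server certificate at the top), root CA last, each
# block starting on the line after the previous one. The LDAP server's own
# certificate is deliberately not included; only CA certificates go in.
# Usage: build_ucsm_chain intermediate.pem [intermediate2.pem ...] root.pem
build_ucsm_chain() {
  for cert in "$@"; do extract_pem_certs "$cert"; done
}

# Check that the server certificate chains to the pasted Trusted Point AND that
# the hostname UCSM will be configured with matches the certificate. Only the
# chain file is trusted (no system CA store), mirroring what UCSM trusts.
# Usage: check_ldap_cert server.pem trusted_point.pem hostname
check_ldap_cert() {
  openssl verify -no-CAfile -no-CApath -CAfile "$2" -verify_hostname "$3" "$1" \
    >/dev/null 2>&1
}

# Throw-away test PKI (root -> issuing CA -> LDAP server) so the checks above
# can be exercised offline. $1 = output directory, $2 = LDAP server hostname.
make_test_pki() {
  mkdir -p "$1"
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > "$1/ca.ext"
  printf 'basicConstraints=CA:FALSE\nextendedKeyUsage=serverAuth\nsubjectAltName=DNS:%s\n' "$2" > "$1/ldap.ext"
  # self-signed root CA
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=Example Root CA" \
    -keyout "$1/root.key" -out "$1/root.csr" 2>/dev/null
  openssl x509 -req -in "$1/root.csr" -signkey "$1/root.key" -days 3650 \
    -set_serial 1 -extfile "$1/ca.ext" -out "$1/root.pem" 2>/dev/null
  # issuing (intermediate) CA signed by the root
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=Example Issuing CA" \
    -keyout "$1/int.key" -out "$1/int.csr" 2>/dev/null
  openssl x509 -req -in "$1/int.csr" -CA "$1/root.pem" -CAkey "$1/root.key" \
    -days 1825 -set_serial 2 -extfile "$1/ca.ext" -out "$1/int.pem" 2>/dev/null
  # LDAP server certificate; subject and SAN carry the hostname UCSM must use
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
    -keyout "$1/ldap.key" -out "$1/ldap.csr" 2>/dev/null
  openssl x509 -req -in "$1/ldap.csr" -CA "$1/int.pem" -CAkey "$1/int.key" \
    -days 825 -set_serial 3 -extfile "$1/ldap.ext" -out "$1/ldap.pem" 2>/dev/null
}

# Demo against the constructed PKI: build the chain for a hypothetical server
# and show the hostname-vs-IP failure mode described in the article.
demo() {
  d=$(mktemp -d)
  make_test_pki "$d" ldap01.example.com
  build_ucsm_chain "$d/int.pem" "$d/root.pem" > "$d/trusted_point.pem"
  check_ldap_cert "$d/ldap.pem" "$d/trusted_point.pem" ldap01.example.com \
    && echo "chain OK and hostname matches: safe to switch the realm back to LDAP"
  check_ldap_cert "$d/ldap.pem" "$d/trusted_point.pem" 10.0.0.5 \
    || echo "verification fails when the provider is given the IP instead of the hostname"
  rm -rf "$d"
}

case "${1:-}" in demo) demo ;; esac
```

On a real deployment, `fetch_ldap_chain <server>` shows what the server presents over STARTTLS on 389; pass the intermediate and root files you received from the AD administrator to `build_ucsm_chain` and paste its output into the Trusted Point, then run `check_ldap_cert` with the exact hostname you will configure in UCSM. A failure with the IP address but success with the hostname is exactly the situation the hostname note above warns about, and a failure with only the intermediate in the file means the root is missing from the chain.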
Affected Products
Servers
Article Properties
Article Number: 000204580
Article Type: How To
Last Modified: 15 Nov 2022
Version: 2