How to enable LDAP with SSL in UCS
Summary: How to enable LDAP with SSL in UCS.
This article is not tied to any specific product.
Not all product versions are identified in this article.
Instructions
- First confirm that your standard LDAP configuration is currently working.
- LDAP over SSL uses STARTTLS; ports 636 and 389 will need to be open on the LDAP server.
- Create a trusted point containing the certificate of the root certificate authority (CA) of the LDAP server in Cisco UCS Manager.
- In UCSM go to Admin, Key Management, Trusted Points.
- Click Add.
- Give the new TP a name and paste in the certificate chain. You will need to obtain this from your LDAP/AD administrator.
- NOTE: The subject field in the certificate should be the hostname of the LDAP server. Make sure the hostname configured in UCSM matches the hostname present in the certificate and is valid.
- The certificate chain is the certificate information for the trusted point. It is a concatenation of the certification chain, starting with the Intermediate Certificates, then the Root Certificate, in a top-down order. Copy the entire contents of each Base64 encoded X.509 (CER) file, from -----BEGIN CERTIFICATE----- to -----END CERTIFICATE-----; the next certificate, again from -----BEGIN CERTIFICATE----- to -----END CERTIFICATE-----, should begin on the line immediately following.
E.g.:
    -----BEGIN CERTIFICATE-----
    <Intermediate Certificate Contents>
    -----END CERTIFICATE-----
    -----BEGIN CERTIFICATE-----
    <Intermediate + 1 Certificate Contents>
    -----END CERTIFICATE-----
    -----BEGIN CERTIFICATE-----
    <Root Certification Authority Certificate Contents>
    -----END CERTIFICATE-----
- Configure LDAP provider with SSL
- In UCSM go to Admin, User management, Authentication.
- Change the authentication realm for the domain to Local.
- Go to LDAP, LDAP Providers.
- Select your existing working LDAP provider.
- Make sure the LDAP server hostname is set in properties, not the IP address of the LDAP server.
- Tick the box to Enable SSL.
- Go back to Authentication and change back the domain authentication realm to LDAP.
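The chain order required for the trusted point above can be checked before pasting it into UCSM. The following is an added example, not code from this article or from Cisco: it reads a PEM bundle and confirms that each certificate's issuer equals the subject of the next one and that the last certificate is a self-issued root. The function names are hypothetical, `fake_cert` builds constructed skeleton certificates for the demonstration, and only name chaining is checked, not signatures or validity dates.

```python
import base64, re

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def tlv(buf, pos):
    """Read one DER element at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def names(cert):
    """Return (issuer, subject) of a DER certificate as raw DER bytes."""
    _, pos, _ = tlv(cert, 0)    # Certificate SEQUENCE
    _, pos, _ = tlv(cert, pos)  # TBSCertificate SEQUENCE
    fields = []  # serialNumber, signature, issuer, validity, subject
    while len(fields) < 5:
        tag, _, end = tlv(cert, pos)
        if tag != 0xA0 or fields:  # skip the optional [0] version element
            fields.append(cert[pos:end])
        pos = end
    return fields[2], fields[4]

def check_chain(bundle):
    """Return a list of ordering problems; an empty list means none found."""
    ders = [base64.b64decode("".join(b.split())) for b in PEM_RE.findall(bundle)]
    if not ders:
        return ["no certificate blocks found"]
    pairs, problems = [names(d) for d in ders], []
    for i in range(len(pairs) - 1):
        if pairs[i][0] != pairs[i + 1][1]:  # issuer must equal next subject
            problems.append(f"certificate {i + 1} is not issued by certificate {i + 2}")
    if pairs[-1][0] != pairs[-1][1]:
        problems.append("last certificate is not a self-issued root")
    return problems

_enc = lambda tag, body: bytes([tag, len(body)]) + body  # short-form DER, samples only

def fake_cert(subject, issuer):
    """Constructed skeleton certificate (names only, no key or signature)."""
    name = lambda cn: _enc(0x30, _enc(0x0C, cn.encode()))
    tbs = (_enc(0xA0, b"\x02\x01\x02") + _enc(0x02, b"\x01") + _enc(0x30, b"")
           + name(issuer) + _enc(0x30, b"") + name(subject))
    b64 = base64.b64encode(_enc(0x30, _enc(0x30, tbs))).decode()
    return f"-----BEGIN CERTIFICATE-----\n{b64}\n-----END CERTIFICATE-----\n"

if __name__ == "__main__":
    root, inter = fake_cert("Root CA", "Root CA"), fake_cert("Issuing CA", "Root CA")
    print(check_chain(inter + root), check_chain(root + inter))
```

To check a real bundle, pass the text of the file obtained from the LDAP/AD administrator to `check_chain`.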
Affected Products
Servers
Article Properties
Article Number: 000204580
Article Type: How To
Last Modified: 15 Nov 2022
Version: 2