08-15-2022 08:28 PM
Hi all,
I have been tasked with converting our LDAP to LDAPs on our UCS'.
They are currently running 4.0(4l)
I've tried finding information online, but nothing concrete.
Am I right in thinking that in order to convert LDAP to LDAPs I will have to get an SSL cert created and do trusted points etc.?
Currently we use the default keyring, regenerated every year.
Are they the same thing? Or will I have to actually get the UCS using proper SSL certs in order to get LDAPs working?
Any help is appreciated, and if you need any more information then I will be happy to supply!
Thank you
08-16-2022 05:36 AM
See the docs:
Search for:
Enable SSL check box
That doc should get you what you're asking.
My understanding is Trusted Points are for intermediate and/or root certificates for the HTTPS certificate on UCSM.
The default keyring is for the HTTPS certificate on UCSM.
So these are both for TLS/HTTPS server on UCSM, which is completely different than UCSM reaching out to a TLS'd/startTLS service on the external LDAP.
08-21-2022 07:12 PM
Hi Steven,
Thanks for your reply. I've done a lot of reading, and it seems that if I check the enable SSL then I could get locked out. Won't it be looking for a certificate from the UCS to our LDAPs?
When I go to make a new provider I don't get asked for any certs or anything. Is that normal? If I tick SSL on the existing providers, will I get locked out and have to use a local account to get in and disable SSL?
08-24-2022 05:23 PM
I have decided to do a proper SSL cert for the UCSM and go from there. Does this have any effect on the KVM certificates?