UCSM integration with SSL for LDAP

dganta · ‎05-19-2017

We have integration of UCSM with LDAP server however want to enable SSL for the LDAP authentication. There is no document listing the procedure for this. Can you please let me know theclear and detail procedure for the same like where we need to generate the certificatesetc.

Thanks,

Dinesh

Walter Dey · ‎05-20-2017

Hi Dinesh

http://www.cisco.com/c/en/us/support/docs/servers-unified-computing/ucs-infrastructure-ucs-manager-software/200092-UCSM-LDAP-Troubleshooting-guide.html#anc9

Problem scenario #4 - LDAP Authentication works but not with SSL enabled

LDAP authentication is working fine without Secure Socket Layer (SSL) but fails when SSL option is enabled.

Recommendation
UCSM LDAP client uses the configured trust-points (Certificate Authority (CA) certificates) while establishing SSL connection.

1. Make sure the trust-point was configured correctly.

2. The identify field in cert should be the " hostname "of the LDAP server. Make sure the hostname configured in UCSM matches the hostname present in certificate and are valid.

3. Make sure UCSM is configured with 'hostname' not 'ipaddress' of the LDAP server and it is recheable from local-mgmt interface.

dganta · ‎05-20-2017

Hi Walter,

I have gone through this link but I am not sure where exactly I should genetate the CA certificates. Should I generate the CA certificates from the LDAP server or from the Local system, I never did this before. Also how exactly the trust point should be configured.

Thanks,

Dinesh