Asset ID: 1-71-1399906.1
Update Date: 2012-07-09
Solution Type: Technical Instruction Sure Solution
1399906.1: Sun Storage 7000 Unified Storage System: How to configure secure LDAP over SSL
Related Items
- Sun Storage 7310 Unified Storage System
- Sun Storage 7410 Unified Storage System
- Sun ZFS Storage 7120
- Sun ZFS Storage 7320
- Sun ZFS Storage 7420
- Sun Storage 7110 Unified Storage System
- Sun Storage 7210 Unified Storage System
Related Categories
- PLA-Support>Sun Systems>DISK>NAS>SN-DK: 7xxx NAS
- .Old GCS Categories>Sun Microsystems>Storage - Disk>Unified Storage
Created from <SR 3-5147000131>
Applies to:
Sun ZFS Storage 7120 - Version Not Applicable to Not Applicable [Release N/A]
Sun ZFS Storage 7320 - Version Not Applicable to Not Applicable [Release N/A]
Sun ZFS Storage 7420 - Version Not Applicable to Not Applicable [Release N/A]
Sun Storage 7110 Unified Storage System - Version Not Applicable to Not Applicable [Release N/A]
Sun Storage 7210 Unified Storage System - Version Not Applicable to Not Applicable [Release N/A]
7000 Appliance OS (Fishworks)
Goal
This document will describe how to configure unified storage to use secure LDAP over SSL.
Fix
Introduction:
The ZFS Unified Storage appliance can use LDAP for user directory lookups for NFS and CIFS. LDAP can also provide authentication services for the FTP, HTTP and WebDAV services.
The appliance can be configured to communicate with LDAP over SSL to make the communication secure. Here are the steps to follow:
Configuration on LDAP server.
1. Make sure LDAP Server is running on port 636
2. Since the Appliance uses a self signed certificate, the LDAP server must be configured to trust the appliance by importing the appliance certificate /etc/svc/ssl/akd.pem as a trusted CA.
Please refer to the appropriate LDAP server documentation on how to configure SSL on the server side for more information.
Configuration on Appliance Side
The following example assumes that a proxy_dn is used to authenticate to the LDAP service for directory lookups.
Substitute the values of base_dn, proxy_dn, proxy_password and the LDAP server host that apply to your configuration.
1. Set the following properties for LDAP service.
CLI
system:> configuration services ldap
system:configuration services ldap> set base_dn=dc=oracle,dc=com
system:configuration services ldap> set search_scope=sub
system:configuration services ldap> set cred_level=proxy
system:configuration services ldap> set auth_method=simple
system:configuration services ldap> set use_tls=true
system:configuration services ldap> set proxy_dn=<uid of proxy_user>,dc=oracle,dc=com
system:configuration services ldap> set proxy_password=<passwd>
2. Create the ldaps host server details
CLI
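system:configuration services ldap> create
system:configuration services ldap server (uncommitted)> set host=server1
system:configuration services ldap server (uncommitted)> set port=636
system:configuration services ldap server (uncommitted)> set source=server
system:configuration services ldap server (uncommitted)> commit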
3. Enable the service
CLI
system:configuration services ldap> enable
4. Check the status
CLI
system:configuration services ldap> show
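To confirm the server side of this setup independently of the appliance, the following added example (not part of the original Oracle document) performs a verified TLS handshake against the LDAP server on port 636 from an admin workstation. It distinguishes a closed port, a listener that is not speaking TLS, and a certificate that does not validate. The host name server1 comes from the example above; the script name and the optional CA bundle argument are assumptions.

```python
import socket
import ssl
import sys
import time

LDAPS_PORT = 636  # port the article configures for the LDAP server


def make_context(cafile=None):
    """TLS client context that requires a valid chain and a matching hostname."""
    # cafile is an optional PEM bundle holding the CA that issued the
    # LDAP server certificate (hypothetical path supplied by the caller).
    return ssl.create_default_context(cafile=cafile)


def days_left(not_after, now=None):
    """Whole days until a getpeercert() 'notAfter' timestamp."""
    now = time.time() if now is None else now
    return int((ssl.cert_time_to_seconds(not_after) - now) // 86400)


def probe_ldaps(host, port=LDAPS_PORT, cafile=None, timeout=5.0):
    """Return (status, detail) for a verified TLS handshake with host:port."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            ctx = make_context(cafile)
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                cert = tls.getpeercert()
                return "ok", {
                    "protocol": tls.version(),
                    "cipher": tls.cipher()[0],
                    "days_left": days_left(cert["notAfter"]),
                }
    except ssl.SSLCertVerificationError as exc:
        return "untrusted", exc.verify_message  # chain, hostname or expiry
    except ssl.SSLError as exc:
        return "tls-failed", str(exc)  # listener is not speaking TLS
    except OSError as exc:
        return "unreachable", str(exc)  # closed port, DNS failure, timeout


if __name__ == "__main__":
    # Usage (assumed script name): python3 probe_ldaps.py server1 [ca-bundle.pem]
    host = sys.argv[1] if len(sys.argv) > 1 else "server1"
    cafile = sys.argv[2] if len(sys.argv) > 2 else None
    status, detail = probe_ldaps(host, cafile=cafile)
    print(host, LDAPS_PORT, status, detail)
    sys.exit(0 if status == "ok" else 1)
```

A result of "untrusted" means the workstation does not trust the LDAP server certificate; it says nothing about whether the LDAP server trusts the appliance certificate imported in the server-side step.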
Note: Known Bugs
6939638 DSEE 6.3 refuses self-signed client SSL certs
For further information refer to the appropriate ZFS Unified Storage Administration Guide.