Sun Microsystems, Inc.  Sun System Handbook - ISO 4.1 October 2012 Internal/Partner Edition

Asset ID: 1-71-1399906.1
Update Date: 2012-07-09
Keywords:

Solution Type  Technical Instruction Sure

Solution  1399906.1 :   Sun Storage 7000 Unified Storage System: How to configure secure LDAP over SSL  


Related Items
  • Sun Storage 7310 Unified Storage System
  • Sun Storage 7410 Unified Storage System
  • Sun ZFS Storage 7120
  • Sun ZFS Storage 7320
  • Sun ZFS Storage 7420
  • Sun Storage 7110 Unified Storage System
  • Sun Storage 7210 Unified Storage System
Related Categories
  • PLA-Support>Sun Systems>DISK>NAS>SN-DK: 7xxx NAS
  • .Old GCS Categories>Sun Microsystems>Storage - Disk>Unified Storage




In this Document
Goal
Fix
 Introduction:
 Configuration on LDAP server.
 Configuration on Appliance Side
 1. Set the following properties for LDAP service.
 2. Create the ldaps host server details
 3. Enable the service
 4. Check the status


Created from <SR 3-5147000131>

Applies to:

Sun ZFS Storage 7120 - Version Not Applicable to Not Applicable [Release N/A]
Sun ZFS Storage 7320 - Version Not Applicable to Not Applicable [Release N/A]
Sun ZFS Storage 7420 - Version Not Applicable to Not Applicable [Release N/A]
Sun Storage 7110 Unified Storage System - Version Not Applicable to Not Applicable [Release N/A]
Sun Storage 7210 Unified Storage System - Version Not Applicable to Not Applicable [Release N/A]
7000 Appliance OS (Fishworks)

Goal

This document describes how to configure a Sun Storage 7000 / Sun ZFS Storage appliance to use secure LDAP over SSL (LDAPS).

Fix

Introduction:

The ZFS Unified Storage appliance can use LDAP for user and group directory lookups on behalf of NFS and CIFS clients, and as an authentication source for the FTP, HTTP and WebDAV services. Because LDAP binds and queries are otherwise sent in the clear, the appliance can be configured to communicate with the LDAP server over SSL so that the proxy credentials and directory data are protected on the wire. The steps are:

Configuration on LDAP server.

1. Make sure the LDAP server accepts LDAP over SSL (LDAPS) connections on TCP port 636.
2. The appliance presents a self-signed certificate, so the LDAP server must be configured to trust it: import the appliance certificate /etc/svc/ssl/akd.pem into the server's trust store as a trusted CA. Anything imported as a CA is trusted for every client connection the server accepts, so verify the certificate's fingerprint against the appliance before importing it.

Refer to the documentation for your LDAP server for the details of configuring SSL on the server side.
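Before the appliance certificate is imported into the LDAP server's trust store (step 2 above), the server administrator should confirm that the file copied off the appliance really is a currently valid self-signed certificate and compare its fingerprint with the one displayed by the appliance. The shell script below is an added example, not code from this Sun/Oracle article or from the appliance; only the path /etc/svc/ssl/akd.pem comes from the article. The certificates it generates (a stand-in akd.pem, an "Example Corp CA" and its ldap.example.com leaf) are constructed for the demonstration, and fetch_ldaps_server_cert is an assumed helper for step 1 that needs network access, so the offline demonstration does not call it.

```shell
#!/bin/sh
# Added example (not part of the original Sun/Oracle article): sanity-check a
# certificate copied from the appliance (/etc/svc/ssl/akd.pem in the article)
# before it is installed in the LDAP server's trust store as a trusted CA.
# All certificates created below are constructed stand-ins, not real ones.

# One-line subject and issuer with the "subject="/"issuer=" prefix removed,
# so the two strings can be compared directly (works for OpenSSL 1.0-3.x).
cert_subject() { openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//'; }
cert_issuer()  { openssl x509 -in "$1" -noout -issuer  | sed 's/^issuer= *//'; }

# A certificate is self-signed when it names itself as issuer and its
# signature verifies with itself as the only trust anchor. That is the
# property a certificate must have to make sense as a CA entry.
is_self_signed() {
    [ "$(cert_subject "$1")" = "$(cert_issuer "$1")" ] &&
        openssl verify -CAfile "$1" "$1" >/dev/null 2>&1
}

# SHA-256 fingerprint, to be compared out-of-band with the certificate the
# appliance shows: whatever is imported as a CA is trusted for every client
# connection, so the wrong file must never be installed.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | sed 's/^.*Fingerprint=//'
}

# Succeeds only while the certificate is within its validity period.
cert_not_expired() { openssl x509 -in "$1" -noout -checkend 0 >/dev/null; }

# Accept the file only if it is a currently valid self-signed certificate.
check_appliance_cert() {
    if ! is_self_signed "$1"; then
        echo "REJECT $1: not self-signed, do not import as a CA"
        return 1
    fi
    if ! cert_not_expired "$1"; then
        echo "REJECT $1: certificate has expired"
        return 1
    fi
    echo "OK $1: $(cert_subject "$1") SHA256=$(cert_fingerprint "$1")"
}

# Step 1 of the server-side section: print the certificate chain the LDAP
# server presents on the LDAPS port. Assumed helper; needs network access,
# so it is not exercised in the offline demonstration below.
fetch_ldaps_server_cert() {
    openssl s_client -connect "$1:636" -showcerts </dev/null 2>/dev/null |
        sed -n '/BEGIN CERTIFICATE/,/END CERTIFICATE/p'
}

# Constructed stand-in for /etc/svc/ssl/akd.pem: a throwaway self-signed cert.
make_stand_in_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=zfs-appliance.example.com" \
        -keyout "$1.key" -out "$1" >/dev/null 2>&1
}

# Constructed CA-signed certificate: valid, but NOT something to import as a CA.
make_ca_signed_cert() {
    _dir=$(dirname "$1")
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Example Corp CA" \
        -keyout "$_dir/ca.key" -out "$_dir/ca.pem" >/dev/null 2>&1
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=ldap.example.com" \
        -keyout "$1.key" -out "$_dir/leaf.csr" >/dev/null 2>&1
    openssl x509 -req -in "$_dir/leaf.csr" -CA "$_dir/ca.pem" -CAkey "$_dir/ca.key" \
        -CAcreateserial -days 1 -out "$1" >/dev/null 2>&1
}

# Offline demonstration on the constructed certificates.
demo_dir=$(mktemp -d)
make_stand_in_cert "$demo_dir/akd.pem"
check_appliance_cert "$demo_dir/akd.pem"
make_ca_signed_cert "$demo_dir/leaf.pem"
check_appliance_cert "$demo_dir/leaf.pem" || true
rm -rf "$demo_dir"
```

In practice the script would be run with the real file copied from the appliance, `check_appliance_cert akd.pem`, and the printed SHA-256 fingerprint compared with the one the appliance displays before the import is carried out.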

Configuration on Appliance Side

The example below assumes a proxy DN is used to bind to the LDAP service for directory lookups (cred_level=proxy with a simple bind). Substitute the base_dn, proxy_dn, proxy_password and LDAP server host that apply to your environment. A simple bind sends the proxy password inside the LDAP session, so use_tls=true is what keeps that credential confidential on the wire.

1. Set the following properties for LDAP service.

CLI
system:> configuration services ldap
system:configuration services ldap> set base_dn=dc=oracle,dc=com
system:configuration services ldap> set search_scope=sub
system:configuration services ldap> set cred_level=proxy
system:configuration services ldap> set auth_method=simple
system:configuration services ldap> set use_tls=true
system:configuration services ldap> set proxy_dn=uid=<proxy_user>,dc=oracle,dc=com
system:configuration services ldap> set proxy_password=<passwd>
system:configuration services ldap> commit

 

2. Create the ldaps host server details

CLI
system:configuration services ldap> create
system:configuration services ldap server (uncommitted)> set host=server1
system:configuration services ldap server (uncommitted)> set port=636
system:configuration services ldap server (uncommitted)> set source=server
system:configuration services ldap server (uncommitted)> commit

 

3. Enable the service

CLI
system:configuration services ldap> enable

 

4. Check the status

CLI
system:configuration services ldap> show

Confirm that the service status is reported as online and that the properties and the server entry match the values set above.



Note: Known Bugs
6939638 DSEE 6.3 refuses self-signed client SSL certs

For further information refer to the appropriate ZFS Unified Storage Administration Guide.


Attachments
This solution has no attachment
  Copyright © 2012 Sun Microsystems, Inc.  All rights reserved.