Red Hat Enterprise Linux, CentOS, and SLES systems
Perform the following tasks in the order they are presented to set up a RHEL-, CentOS-, or SLES-based server for use with LDAP.
Prerequisites
Ensure the following:
The OpenLDAP package is installed. (See the following instructions.)
Each LDAP server has a separate base DN.
Steps
1. Run the following command to verify that the OpenLDAP package is installed.
NOTE: OpenLDAP is a requirement for using LDAP on all Linux-based PowerFlex MDM nodes or for LIA, as stated in the Getting to Know Dell PowerFlex Guide.
rpm -qa | grep openldap
Output similar to the following should appear, with the relevant package number:
openldap-2.4.23-32.el6_4.1.x86_64
2. When secure LDAP is used, retrieve the configured CA certificate location from the OpenLDAP client configuration and make note of the location. For non-secure LDAP, skip to step 5.
For example:
grep TLS_CACERTDIR /etc/openldap/ldap.conf
Output similar to the following should appear:
TLS_CACERTDIR /etc/openldap/ldap.conf
NOTE: The location of the CA certificates may differ depending on the Linux distribution and release.
3. If the certificate location does not exist, create a directory at the configured location. As the root user, create a cacerts directory under /etc/openldap:
mkdir -p <TLS_CACERTDIR>
For example:
mkdir -p /etc/openldap/cacerts
4. Verify that the following entry is displayed in /etc/openldap/ldap.conf:
RHEL/CentOS:
TLS_CACERTDIR /etc/openldap/cacerts/
SLES:
TLS_CACERTDIR
5. On the PowerFlex component host, ensure that it is possible to establish a TCP connection to the LDAP server's address.
6. Import the certificate files from the LDAP server to the OpenLDAP client CA certificate location <TLS_CACERTDIR> determined in steps 2-4, and run openssl rehash. For non-secure LDAP, skip this task.
For example:
openssl rehash <TLS_CACERTDIR>
For example:
openssl rehash /etc/openldap/certs
NOTE: The method of CA certificate import for the OpenLDAP client may differ based on your organization's security guidelines. Consult your security administrator for steps to import the CA certificates for use with the LDAP client.
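The checks from the secure-LDAP steps above can be combined into one script. This is an added example, not part of the Dell documentation; LDAP_HOST, LDAP_PORT (636 assumed for LDAPS), LDAP_CONF and all function names are assumptions.

```shell
#!/bin/sh
# Added example: verifies the secure-LDAP client setup from the steps above.
# LDAP_HOST, LDAP_PORT, LDAP_CONF and the function names are assumptions.

# Print TLS_CACERTDIR from an ldap.conf-style file. Commented lines are
# skipped, option names match case-insensitively, the last entry is used.
get_cacertdir() {
    awk 'toupper($1) == "TLS_CACERTDIR" { d = $2 } END { if (d != "") print d }' "$1"
}

# Succeed if the directory holds an entry named like the links that
# `openssl rehash` creates: eight hex digits, a dot, a sequence number.
has_hashed_certs() {
    [ -d "$1" ] || return 1
    for f in "$1"/*; do
        case "${f##*/}" in
            [0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f].[0-9]*) return 0 ;;
        esac
    done
    return 1
}

# A trust store that any local user can write to can be given a rogue CA.
not_world_writable() {
    [ -d "$1" ] && [ -z "$(find "$1" -prune -perm -0002)" ]
}

# TLS handshake with the LDAP server, verified against the CAs in $3.
verify_ldaps() {  # args: host port cacertdir
    openssl s_client -connect "$1:$2" -CApath "$3" -verify_return_error \
        </dev/null >/dev/null 2>&1
}

fail() { echo "FAIL: $*" >&2; exit 1; }

# Runs only when LDAP_HOST is set, e.g. LDAP_HOST=ldap.example.test sh check.sh
if [ -n "${LDAP_HOST:-}" ]; then
    conf=${LDAP_CONF:-/etc/openldap/ldap.conf}
    dir=$(get_cacertdir "$conf")
    [ -n "$dir" ] || fail "TLS_CACERTDIR is not set in $conf"
    not_world_writable "$dir" || fail "$dir is missing or world-writable"
    has_hashed_certs "$dir" || fail "no hashed links in $dir; run: openssl rehash $dir"
    # Port 636 (LDAPS) is an assumed default; set LDAP_PORT if yours differs.
    verify_ldaps "$LDAP_HOST" "${LDAP_PORT:-636}" "$dir" ||
        fail "TLS verification against $LDAP_HOST failed"
    echo "OK: $LDAP_HOST verifies against CAs in $dir"
fi
```

A failed handshake here means the client would also reject the server certificate, so check that the imported CA matches the one that issued the LDAP server's certificate.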