Dell PowerFlex v3.6.x User Roles and LDAP Usage Technical Notes

Establish trust between the PowerFlex Gateway and the LDAP server

If secure LDAP is used, configure a secured connection to the LDAP servers by adding the LDAPS servers' certificates to the PowerFlex Gateway’s truststore using the Java Keytool utility.

1. Add the LDAPS servers' certificates to the PowerFlex Gateway’s truststore.jks file.

   keytool -importcert -trustcacerts -alias [unique_alias] -file [path_to_the_certificate_file] -keystore [path_to_certificates_folder]/truststore.jks

   The truststore.jks is located at:

   • Linux: /opt/emc/scaleio/gateway/webapps/ROOT/WEB-INF/classes/certificates/truststore.jks
   • Windows: C:\Program Files\EMC\ScaleIO\Gateway\webapps\ROOT\WEB-INF\classes\certificates\truststore.jks

   For multiple LDAP servers, import all the certificates. Each certificate alias must be unique. Dell recommends using the certificate's full subject. For example:

   givenname=mdm, ou=asd, o=emc, l=hopkinton, st=massachusetts, c=us, cn=centos-6.4-adi5

   The default truststore password is changeit.

2. Restart the PowerFlex Gateway service:
   • On a Linux server run:

     service scaleio-gateway restart

   • On a Windows server: From the Windows Services window, restart the EMC ScaleIO Gateway.
3. Run the following command and confirm in the output that each LDAPS server's certificate was imported successfully into the truststore.jks file:

   keytool -list -v –keystore [truststore.jks_path] -storepass <storepass>

   NOTE:The default storepass is changeit.
   For example:

   keytool -list -v –keystore "/opt/emc/scaleio/gateway/webapps/ROOT/WEB-INF/classes/certificates/truststore.jks" -storepass changeit