1 Introduction
This document describes how to change the certificate settings for Lightweight Directory Access Protocol (LDAP) Transport Layer Security (TLS).
Authentication of the LDAP server and the Managed Element (ME), and encryption of the LDAP communication, are established by Public-Key Infrastructure (PKI) X.509 certificates.
The administrator needs to change the certificate settings for LDAP TLS when the certificate configuration changes, specifically when a different ME node credential has to be used for LDAP TLS.
1.1 Prerequisites
This section describes the prerequisites that must be fulfilled before using the procedure.
1.1.1 Conditions
The following conditions must apply:
- The procedure in Install Node Credential Online has been performed.
- The user has the System Security Administrator role.
- The LDAP server is set up for TLS and has an X.509 certificate.
- The Uniform Resource Identifier (URI) configured to reach the server (that is, the ldapIpAddress attribute in the Ldap managed object) is set as the reference identity in the X.509 certificate of the LDAP server.
- The Managed Object (MO) for the node credential certificate for LDAP TLS is known. For more information, refer to the MO NodeCredential in Managed Object Model (MOM).
- An Ericsson Command-Line Interface (ECLI) session in Exec mode is in progress.
2 Procedure
To change the node credential certificate settings for LDAP TLS:
- Navigate to the Ldap MO, for example:
>dn ManagedElement=<Node Name>,SystemFunctions=1,SecM=1,UserManagement=1,LdapAuthenticationMethod=1,Ldap=1
- Enter Config mode:
(Ldap=1)>configure
- Set the reference to the applicable node credential certificate, for example:
(config-Ldap=1)>nodeCredential="ManagedElement=<Node Name>,SystemFunctions=1,SecM=1,CertM=1,NodeCredential=1"
- Commit the setting:
(config-Ldap=1)>commit
- Verify the result:
(Ldap=1)>show
The following is an example output:
Ldap=1
   baseDn="dc=my-domain,dc=com"
   bindDn="cn=proxyaccount,dc=ericsson,dc=com"
   bindPassword="1:XUC+jE8QV05dG57Ouv7hWi1s/wa+uWi0"
   fallbackLdapIpAddress="192.0.2.11"
   ldapIpAddress="192.0.2.10"
   nodeCredential="ManagedElement=<Node Name>,SystemFunctions=1,⇒
   SecM=1,CertM=1,NodeCredential=1"
   profileFilter=ERICSSON_FILTER
   serverPort=636
   tlsMode=LDAPS
   trustCategory="ManagedElement=<Node Name>,SystemFunctions=1,⇒
   SecM=1,CertM=1,TrustCategory=aurora"
   userLabel="LDAP based login authentication"
   useTls=true
   useTlsFallback=true
   [...]
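The verification step can also be scripted against captured show output. The following Python sketch is an added example, not part of the original procedure or of any Ericsson tooling: it parses the output, tolerating the ⇒ line-wrap marker and typographic quotes that appear when output is copied from formatted documents, and reports whether the committed nodeCredential reference is the intended one. The node name node1, the function names, and the extra checks on useTls and trustCategory are assumptions based on the example output.

```python
import re

# Constructed sample of `show` output for Ldap=1. "node1" is a placeholder
# node name; one value uses curly quotes and both DNs use the "⇒" wrap marker.
SAMPLE_SHOW = """Ldap=1
   ldapIpAddress="192.0.2.10"
   nodeCredential=”ManagedElement=node1,SystemFunctions=1,⇒
   SecM=1,CertM=1,NodeCredential=1”
   serverPort=636
   tlsMode=LDAPS
   trustCategory="ManagedElement=node1,SystemFunctions=1,⇒
   SecM=1,CertM=1,TrustCategory=aurora"
   userLabel="LDAP based login authentication"
   useTls=true
"""

# The reference the administrator intended to commit (constructed value).
EXPECTED = "ManagedElement=node1,SystemFunctions=1,SecM=1,CertM=1,NodeCredential=1"

def parse_show(text):
    """Parse `show` output into {attribute: value}, one attribute per line."""
    text = re.sub(r"⇒\s*", "", text)            # rejoin wrapped values
    text = re.sub("[\u201c\u201d]", '"', text)   # normalise curly quotes
    attrs = {}
    for line in text.splitlines():
        m = re.fullmatch(r'\s*(\w+)=(?:"([^"]*)"|(\S+))\s*', line)
        if m:  # lines such as "[...]" do not match and are skipped
            attrs[m.group(1)] = m.group(2) if m.group(2) is not None else m.group(3)
    return attrs

def check_ldap_tls(attrs, expected_node_credential):
    """Return a list of findings; an empty list means the change is in effect."""
    findings = []
    actual = attrs.get("nodeCredential")
    if not actual:
        findings.append("nodeCredential is not set")
    elif actual != expected_node_credential:
        findings.append(f"nodeCredential is {actual!r}, expected {expected_node_credential!r}")
    # Assumptions drawn from the example output, not rules stated on the page:
    if attrs.get("useTls") != "true":
        findings.append("useTls is not true")
    if not attrs.get("trustCategory"):
        findings.append("trustCategory is not set")
    return findings

if __name__ == "__main__":
    for finding in check_ldap_tls(parse_show(SAMPLE_SHOW), EXPECTED) or ["OK"]:
        print(finding)
```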
Reference List
[1] Install Node Credential Online.
[2] Managed Object Model (MOM).
