Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  2. NetBackup™ Flex Scale Administrator's Guide
  3. NetBackup Flex Scale infrastructure management
  4. User management
  5. Directory services and certificate management
NetBackup™ Flex Scale Administrator's Guide

Directory services and certificate management

The LDAP communication between NetBackup Flex Scale and AD/LDAP server is not secure by default. You can secure this traffic by using SSL/TLS.

When an AD/LDAP domain is configured using an SSL connection, you must provide the SSL certificate while adding the domain. The server's name used while adding the domain must exactly match with the server CN used for generating the certificate. If you used an FQDN to generate the certificate in a non-DNS environment, then you have to add the IP to FQDN mapping using the Network > Custom Hosts option in the Appliance UI. See Considerations for configuring AD/LDAP.

Note:

To configure AD/LDAP server with SSL, use unencrypted certificate file. Encrypted certificate is not allowed.

Note:

If AD/LDAP is configured with SSL=on, only FIPS-compliant encryption is supported for a deployment with only media servers.

To configure AD/LDAP

  1. Navigate to Settings > Directory Services and click Configure.
  2. Enter the inputs required.

    LDAP server address

    IP address or FQDN of the AD/LDAP server

    Port

    Port number on which the AD/LDAP server is listening.

    If AD/LDAP is configured without SSL certificate, then port number should be 389.

    If AD/LDAP is configured with SSL certificate, then port number should be 636.

    Directory type

    Specify the directory type. It can be Open LDAP or Active Directory (when using Microsoft Active Directory)

    Domain name

    Specify the domain name.

    User Base DN

    Base DN subtree that is used when searching for user entries on the AD/LDAP server.

    Group Base DN

    Base DN subtree that is used when searching for group entries on the AD/LDAP server.

    Bind DN/LDAP administrator

    Distinguished name of theAD/ LDAP user who can search the AD/LDAP directory. Typically, it is the user name of the AD/LDAP server administrator.

    Bind DN/LDAP password

    Password for the given AD/LDAP administrator user

    Encryption type

    Specify the encryption type as secure or non-secure.

    In secure method, SSL/TLS is the encryption method.

    If you choose the Encryption type to be SSL/TLS, you have to upload the certificate that you want to use to encrypt and secure the connection with the AD/LDAP server. Click Choose file and upload the certificate.

  3. Click Configure.
  4. You can test the connection after you configure it. Click Test connection. You receive notifications after the successful completion/failure of the test connection.

The AD/LDAP details appear in the Directory Services tab.

You can perform a test connection to validate the AD/LDAP configuration. On the same page, there is an option to remove the AD configuration.

Feedback

Was this page helpful?
Previous

Configuring AD/LDAP servers on clusters deployed with only media servers

Next

Region settings management

Feedback

Was this page helpful?