Directory services and certificate management
The LDAP communication between NetBackup Flex Scale and AD/LDAP server is not secure by default. You can secure this traffic by using SSL/TLS.
When an AD/LDAP domain is configured using an SSL connection, you must provide the SSL certificate while adding the domain. The server's name used while adding the domain must exactly match with the server CN used for generating the certificate. If you used an FQDN to generate the certificate in a non-DNS environment, then you have to add the IP to FQDN mapping using the option in the Appliance UI. See Considerations for configuring AD/LDAP.
Note:
To configure AD/LDAP server with SSL, use unencrypted certificate file. Encrypted certificate is not allowed.
Note:
If AD/LDAP is configured with SSL=on, only FIPS-compliant encryption is supported for a deployment with only media servers.
To configure AD/LDAP
- Navigate to Settings > Directory Services and click Configure.
- Enter the inputs required.
LDAP server address
IP address or FQDN of the AD/LDAP server
Port
Port number on which the AD/LDAP server is listening.
If AD/LDAP is configured without SSL certificate, then port number should be 389.
If AD/LDAP is configured with SSL certificate, then port number should be 636.
Directory type
Specify the directory type. It can be Open LDAP or Active Directory (when using Microsoft Active Directory)
Domain name
Specify the domain name.
User Base DN
Base DN subtree that is used when searching for user entries on the AD/LDAP server.
Group Base DN
Base DN subtree that is used when searching for group entries on the AD/LDAP server.
Bind DN/LDAP administrator
Distinguished name of theAD/ LDAP user who can search the AD/LDAP directory. Typically, it is the user name of the AD/LDAP server administrator.
Bind DN/LDAP password
Password for the given AD/LDAP administrator user
Encryption type
Specify the encryption type as secure or non-secure.
In secure method, SSL/TLS is the encryption method.
If you choose the Encryption type to be SSL/TLS, you have to upload the certificate that you want to use to encrypt and secure the connection with the AD/LDAP server. Click Choose file and upload the certificate.
- Click Configure.
- You can test the connection after you configure it. Click Test connection. You receive notifications after the successful completion/failure of the test connection.
The AD/LDAP details appear in the tab.
You can perform a test connection to validate the AD/LDAP configuration. On the same page, there is an option to remove the AD configuration.