
Configuring LDAP over SSL in iMC PLAT 7.2

diode
New Member

I've found that our HPE IMC configuration is using port 389 with simple LDAP. Simple LDAP on port 389 = cleartext passwords (normally on 389 you use SASL to encrypt). This setup currently works - users can authenticate with their Active Directory credentials.

IMC doesn't seem to support SASL, so I want to configure SSL based LDAP instead on port 636.  I have configured port 636 with other applications that do not support SASL.

However, I cannot seem to get this to work in iMC.  I've tried lots of different certificates - the root, the DC, a PKCS7 with the chain from the intermediate up, and none work.  Usually I get a "The authentication file type is incorrect" error.

I tried exporting the root cert again as .cer and suddenly I'm getting an "Authentication server is not available. Please contact the administrator" error, which seems to be an improvement.

Yet I've changed nothing else - if I change back to LDAP on port 389 it works again (with plaintext passwords...)

The only thing I can think of is that the intermediate (issuing) certificate is missing - the domain controller is issued its certificate by an intermediate CA, which is signed by the root.

Has anyone gotten this working? 

3 REPLIES
_biv_
HPE Pro

Re: Configuring LDAP over SSL in iMC PLAT 7.2

you probably have seen this configuration example which unfortunately doesn't talk about how to configure SSL:

https://techhub.hpe.com/eginfolib/networking/docs/IMC/v7_2/5200-1318/content/index.htm

and I assume that when you configured port 636 for the other applications that do not support SASL, you also changed the parameters in iMC under System > Authentication Server > LDAP Server accordingly, not just the server port, right? Can you please share more detail on what this "other application" is and how it is configured?


I am an HPE Employee

NeilR
Esteemed Contributor

Re: Configuring LDAP over SSL in iMC PLAT 7.2

I've not been able to get this to work either. I'm using 7.3. Your link is referring to the configuration for the IMC administrator logins.

There is also the configuration for the LDAP servers in the UAM section which also has a use SSL option. That gives a similar error if SSL is enabled between IMC and the LDAP servers.

That configuration has server certs but also appears to use the root cert settings under service parameter/certificate. The imc eap server certificate is used in client authentication.

The certificate use in IMC is not very well documented.

BrianSeppanen
Occasional Contributor

Re: Configuring LDAP over SSL in iMC PLAT 7.2

To do this you'll need to get a certificate chain in PEM-encoded format from your AD servers. I happen to be able to access the AD servers. Log in and run certlm.msc, then go to Personal -> Certificates. The certificate will have client authentication capabilities, which are required for the certificate. Select the certificate, view the Details tab and start the export by selecting Copy to File. Select Next to get past the "No, do not export the private key" option if prompted. I selected Base64 encoded. Save your file. Next go back to that certificate, select Certification Path and select the next node up. Follow the same steps and name the file something different. Repeat for each node to the top. After you have all of your nodes accounted for, you'll need to merge the files together. So in the PEM-encoded file, where you have

-----END CERTIFICATE-----

you'll insert the next certificate

-----BEGIN CERTIFICATE-----

and repeat for each in the chain until all of the certificates are included.    Start from the host, move to the issuer, and then to the root.

Once you have them all, save the file. Go to the authentication settings, select Require SSL and upload the file you just created. Change your LDAP port, likely from 389 to 636 or whatever SSL port your LDAPS is using. Test your connection and it should work. Set a reminder in your calendar for the expiration date of the host certificate, because you'll have to update it. Usually the issuer and root have a much longer expiration.


Hopefully that works for you, it worked for me with E0705P06 (7.3)
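The manual cut-and-paste merge described in the reply above is easy to get wrong (a truncated base64 line, a key block exported by mistake, the same certificate pasted twice). The following script is an added example, not code from the thread or from HPE: it reads the three Base64-encoded exports (host, issuer, root) in the order the reply gives, validates that every block is a CERTIFICATE with a well-formed base64 body, drops duplicates, and writes the chain out in canonical PEM layout. The three PEM strings are constructed placeholders so the script runs offline; with real exports you would read them from the files saved from certlm.msc.

```python
import base64
import binascii
import re

# Constructed sample PEM files standing in for the three certlm.msc exports
# ("Base-64 encoded X.509"). The base64 payloads are placeholders, not real
# DER certificates, so the script can run offline.
def _fake_pem(label: str) -> str:
    body = base64.b64encode(f"constructed-{label}-certificate".encode()).decode()
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"

HOST_PEM = _fake_pem("host")      # the domain controller's own certificate
ISSUER_PEM = _fake_pem("issuer")  # the intermediate (issuing) CA
ROOT_PEM = _fake_pem("root")      # the root CA

# One PEM block: the BEGIN and END labels must match (backreference \1).
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z ]+)-----\s*(.*?)\s*-----END \1-----", re.DOTALL
)


def extract_certificates(pem_text: str) -> list:
    """Return every CERTIFICATE block in pem_text, re-wrapped as canonical PEM.

    Any other block type (for example a PRIVATE KEY that was exported by
    mistake) is rejected, and each body must decode as strict base64, which
    catches hand-editing errors such as a truncated line or a stray marker.
    """
    certs = []
    for label, body in PEM_BLOCK.findall(pem_text):
        if label != "CERTIFICATE":
            raise ValueError(f"unexpected PEM block type: {label}")
        compact = "".join(body.split())
        try:
            base64.b64decode(compact, validate=True)
        except binascii.Error as exc:
            raise ValueError("certificate body is not valid base64") from exc
        # Re-wrap the body at 64 columns, the usual PEM line length.
        lines = [compact[i:i + 64] for i in range(0, len(compact), 64)]
        certs.append(
            "-----BEGIN CERTIFICATE-----\n"
            + "\n".join(lines)
            + "\n-----END CERTIFICATE-----\n"
        )
    if not certs:
        raise ValueError("no CERTIFICATE block found")
    return certs


def build_chain(pem_files: list) -> str:
    """Concatenate PEM inputs in the order given: host, issuer, ..., root.

    Duplicate certificates are dropped so the chain stays minimal.
    """
    seen = set()
    chain = []
    for text in pem_files:
        for cert in extract_certificates(text):
            if cert in seen:
                continue
            seen.add(cert)
            chain.append(cert)
    return "".join(chain)


def chain_length(chain_pem: str) -> int:
    """Number of certificates in a merged chain file."""
    return len(extract_certificates(chain_pem))


if __name__ == "__main__":
    # With real exports: pass the file contents of host.cer, issuer.cer, root.cer
    merged = build_chain([HOST_PEM, ISSUER_PEM, ROOT_PEM])
    with open("ldaps-chain.pem", "w") as fh:
        fh.write(merged)
    print(f"wrote ldaps-chain.pem with {chain_length(merged)} certificates")
```

The output file is what gets uploaded under the Require SSL setting. Keeping the host certificate first matters because that is the one that expires soonest and will need to be replaced, as the reply notes; the validation step is there so that a merge error surfaces as a clear Python exception rather than as an opaque "authentication file type is incorrect" message from iMC.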