Reference Guide
To verify that the connection to the LDAP server will be successful, do the following:
Steps
1. Click Verify Connection on the Directory Services page.
If the configuration is valid, a connection will be established with the LDAP server and a green check mark along with the
text Connection Verified will appear.
2. If the verification fails, the following steps are recommended to troubleshoot the failure:
a. Verify the Directory Services configuration information, in particular the Distinguished Name (user name),
Password, and the Server Address (IP address).
b. Verify the LDAP server is online.
c. Verify there are no network issues; for example, firewall rules that block access to the LDAP port or a network router
configuration that prevents the connection.
Configure Secure LDAP
About this task
Configuring Secure LDAP (LDAPS) requires the following:
● Configure LDAPS protocol and the port
● Configure the certificate chain
When LDAPS is configured, PowerStore connects to the LDAP server using TLS. PowerStore requires the certificate chain file
to be uploaded, to properly verify the server certificate received from the LDAP server when the TLS session is established.
PowerStore does not support DNS for LDAP. The LDAP server certificate must have IP addresses, as specified in the LDAP
configuration, in the Subject or Subject Alternative Name field in the certificate. This is required to verify that the certificate is
from the desired LDAP server.
The format of the certificate file to be uploaded is as follows:
● The certificate file must end in one of the following file extensions:
○ .pem
○ .crt
○ .cer
○ .ca-bundle
Example: LdapServerChain.crt
● All certificates in the certificate file to be uploaded must be in PEM format. PEM formatted certificates are ASCII text that
begin with -----BEGIN CERTIFICATE----- and end with -----END CERTIFICATE-----.
● If the LDAP server certificate is self-signed, only the server certificate is required.
● If the LDAP server certificate is signed by a Certificate Authority, then the certificate chain, up to the root Certificate
Authority, must be in the certificate file to be uploaded in the following order:
1. Intermediate Certificate Authority certificate (if any).
2. ...
3. Root Certificate Authority certificate.
● If there are multiple certificates in the file to be uploaded, there must be a new line between each certificate.
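The following is an added example, not part of this guide or of PowerStore: a local pre-upload check of the file-format rules listed above (file extension, PEM markers, a line break between certificates). It assumes extensions are matched case-sensitively and that "new line" means each marker sits on its own line; check_chain_file and sample_pem are hypothetical names. Chain order and the IP address requirement for the Subject or Subject Alternative Name field are not checked.

```python
import base64
import binascii

ALLOWED_EXTENSIONS = (".pem", ".crt", ".cer", ".ca-bundle")  # list from the guide
BEGIN = "-----BEGIN CERTIFICATE-----"
END = "-----END CERTIFICATE-----"

def check_chain_file(filename, text):
    """Return a list of format problems; an empty list means the checks pass."""
    problems = []
    if not filename.endswith(ALLOWED_EXTENSIONS):  # assumption: case-sensitive
        problems.append("file extension is not one of " + ", ".join(ALLOWED_EXTENSIONS))
    body, inside, count = [], False, 0
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if line == BEGIN:
            if inside:
                problems.append(f"line {n}: BEGIN inside an open certificate")
            inside, body = True, []
        elif line == END:
            if not inside:
                problems.append(f"line {n}: END without BEGIN")
                continue
            inside = False
            count += 1
            try:
                der = base64.b64decode("".join(body), validate=True)
            except binascii.Error:
                problems.append(f"certificate {count}: body is not valid base64")
                continue
            if not der.startswith(b"\x30"):  # X.509 DER starts with a SEQUENCE tag
                problems.append(f"certificate {count}: body is not a DER SEQUENCE")
        elif BEGIN in line or END in line:
            problems.append(f"line {n}: marker must be on its own line")
        elif inside:
            body.append(line)
        elif line:
            problems.append(f"line {n}: text outside a certificate block")
    if inside:
        problems.append("last certificate has no END marker")
    if count == 0:
        problems.append("no PEM certificate found")
    return problems

def sample_pem(der=b"\x30\x03\x02\x01\x01"):
    """Constructed placeholder block for testing; not a real certificate."""
    return f"{BEGIN}\n{base64.b64encode(der).decode()}\n{END}\n"
```
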
To configure LDAPS, do the following:
Steps
1. Click Edit LDAP Configuration.
The Directory Services slide out panel appears.
2. Under Domain Settings, select the LDAP Secure (Use SSL) checkbox.
The port for LDAPS cannot be customized. The LDAP server uses one of the following default ports:
● 636 for LDAPS
● 3269 for LDAPS (global catalog)