Table 88 Active Directory Keys To Modify - HP SN3000B Administrator's Manual

3. Set the switch authentication mode and add your LDAP server by using the commands shown
4. Set up LDAP according to the instructions in
Fabric OS Administrator's Guide
53-1002446-01
Specify the DNS IP address using either IPv4 or IPv6. This address is needed for the switch to
resolve the domain name to the IP address because LDAP initiates a TCP session to connect to
your Microsoft Active Directory server. A Fully Qualified Domain Name (FQDN) is needed to
validate the server identity as mentioned in the common name of the server certificate.
in the following example. Provide the Fully Qualified Domain Name (FQDN) of the Microsoft
Active Directory server for the host name parameter while configuring LDAP.
Example of setting up LDAP for FIPS mode
switch:admin> aaaconfig --add GEOFF5.ADLDAP.LOCAL -conf ldap -d
-p 389 -t 3
switch:admin> aaaconfig --authspec "ldap;local"
switch:admin> aaaconfig –show
RADIUS CONFIGURATIONS
=====================
RADIUS configuration does not exist.
LDAP CONFIGURATIONS
===================
Position
Server
Port
Domain
Timeout(s)
Primary AAA Service: LDAP
Secondary AAA Service: Switch database
Directory" on page 109, and then perform the following additional Microsoft Active Directory
settings
a. To support FIPS-compliant TLS cipher suites on the Microsoft Active Directory server, allow
the SCHANNEL settings listed in
TABLE 88
Active Directory keys to modify
Key
Ciphers
Hashes
Key exchange algorithm
Protocols
b. Enable the FIPS algorithm policy on the Microsoft Active Directory.
: 1
: GEOFF5.ADLDAP.LOCAL
: 389
: adldap.local
: 3
"LDAP configuration and Microsoft Active
Table 88.
Sub-key
3DES
SHA1
PKCS
TLSv1.0
FIPS mode configuration
adldap.local
C
525