Before LDAP/SSL settings
Note the following before configuring the LDAP/SSL settings:
■ LDAP/SSL is supported in XCP1091 or later.
■ The useradm privilege is required for the LDAP/SSL settings.
■ If the XSCF is configured to use LDAP, Active Directory, or LDAP/SSL for user account data, the user name and UID (if specified) must not already be in use locally or in LDAP, Active Directory, or LDAP/SSL.
■ To use a host name for the LDAP/SSL server, DNS settings must be configured properly before setting up LDAP/SSL.
■ To support LDAP/SSL, a new system account named proxyuser is added. Verify that no user account of that name already exists. If one does, use the deleteuser(8) command to remove it, then reset the XSCF before using the LDAP/SSL feature.
■ If the specified timeout is too brief for the configuration, the login process or retrieval of user privilege settings could fail. In that case, specify a larger value for the timeout and try again.
■ If you are an LDAP/SSL user, you cannot upload a user public key. If a user public key was set on the XSCF before XCP1100, delete the user public key. LDAP/SSL users can connect to the XSCF via SSH using password authentication and log in to the XSCF.
Enabling or Disabling the LDAP/SSL Server
■ Command operation
1. Use the showldapssl(8) command to display whether the use of the LDAP/SSL server is enabled.
XSCF> showldapssl
usermapmode: disabled
state: disabled
strictcertmode: disabled
timeout: 4
logdetail: none
2. Use the setldapssl(8) command to enable or disable the use of the LDAP/SSL server.
<Example1> Enable the use of the LDAP/SSL server.
XSCF> setldapssl enable
<Example2> Disable the use of the LDAP/SSL server.
XSCF> setldapssl disable
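The following is an added example, not part of the manual: a Python check that parses captured showldapssl output after step 2 and reports settings worth reviewing. The sample text is constructed from the output shown above; min_timeout is a hypothetical site-chosen floor, and the strictcertmode check assumes the meaning given in setldapssl(8) (strict validation of the server certificate), which this page does not describe.

```python
# Added example: audit captured `showldapssl` output from an admin workstation.

# Constructed sample: field layout copied from the page's showldapssl output,
# with state changed to "enabled" as it would read after `setldapssl enable`.
SAMPLE_AFTER_ENABLE = """\
XSCF> showldapssl
usermapmode: disabled
state: enabled
strictcertmode: disabled
timeout: 4
logdetail: none
"""

REQUIRED = ("state", "strictcertmode", "timeout")


def parse_showldapssl(text):
    """Return {field: value} from 'field: value' lines, skipping the prompt."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("XSCF>"):
            continue
        key, sep, value = line.partition(":")
        if not sep:
            raise ValueError(f"unrecognised showldapssl line: {line!r}")
        settings[key.strip()] = value.strip()
    return settings


def audit(settings, min_timeout):
    """Return a list of findings; min_timeout is a site-chosen floor (assumption)."""
    findings = [f"missing field: {f}" for f in REQUIRED if f not in settings]
    if findings:
        return findings
    if settings["state"] == "enabled" and settings["strictcertmode"] != "enabled":
        findings.append("LDAP/SSL enabled without strictcertmode: "
                        "server certificate is not strictly validated")
    if not settings["timeout"].isdigit():
        findings.append(f"timeout is not a number: {settings['timeout']!r}")
    elif int(settings["timeout"]) < min_timeout:
        findings.append(f"timeout {settings['timeout']} is below {min_timeout}; "
                        "logins or privilege lookups may fail")
    return findings


if __name__ == "__main__":
    for finding in audit(parse_showldapssl(SAMPLE_AFTER_ENABLE), min_timeout=10):
        print("FINDING:", finding)
```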
Chapter 2
Setting Up XSCF
2-75