SRM 5.x :: How do I configure SRM to change authentication from LDAP to LDAPS

Info
Summary: What are the steps to configure SRM to change the authentication from LDAP to LDAPS

Detailed Article

Instructions

Below are the steps to configure SRM to change the authentication from LDAP to LDAPS (LDAP over TLS on port 636). The LDAP server's CA certificate is added to the SRM Java truststore first, then the connection URL is switched to ldaps://.

 1. Log in to the SRM frontend host using SSH
 2. Run the following OpenSSL command to retrieve the LDAP server's certificate chain and store it in a text file. Redirecting stdin from /dev/null makes s_client exit on its own once the handshake has completed, so the capture is complete and does not need to be interrupted:
 openssl s_client -showcerts -connect <FQDN_of_LDAP_Host>:636 </dev/null > /tmp/ldapcert.txt
 3. The certificate chain is now saved in /tmp/ldapcert.txt. (If the command is run without the </dev/null redirection, s_client waits for input after the handshake; press Ctrl+C to terminate it.)
 4. Open the certificate file using vi or another text editor
 5. The file may contain multiple certificates, each enclosed between -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- as shown below. The "s:" (subject) and "i:" (issuer) lines that s_client prints above each certificate identify which server or CA it belongs to.

-----BEGIN CERTIFICATE-----
MIIDczCCAlugAwIBAgIUWl4e4UjN1uXG3nIC6gfaj39m4HgwDQYJKoZIhvcNAQEL
BQAwZDELMAkGA1UEBhMCVVMxFTATBgNVBAoTDEV4YW1wbGUgQ29ycDEmMCQGA1UE
AxMdRXhhbXBsZSBSb290IENBIDIwMTkwHhcNMjIxMTI3MTAyNzU1WhcNMzIxMTI0
MTAyNzU1WjBkMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRXhhbXBsZSBDb3JwMSYw
....
-----END CERTIFICATE-----

 6. The certificates appear in the order the server sent them: the first one is the LDAP server's own certificate, and the ones after it are the CA certificates that issued it, ending with the root CA when the server sends it. Import the CA certificate (the last one in the file) rather than the server certificate, so that the trust survives a renewal of the server certificate. If the file contains only one certificate, the server did not send its chain; either obtain the CA certificate from the LDAP administrator, or import the server certificate and repeat this procedure whenever it is renewed. Copy the entire certificate, including the BEGIN CERTIFICATE and END CERTIFICATE lines as shown above. Note that the above is just an example.
 7. Create a new file in the /tmp directory and paste the copied certificate content.

vi /tmp/cert.pem

 Paste the copied certificate content and save the file.

 8. Verify that the file is created successfully
 ls -lart /tmp/*.pem

 Expected output:

-rw-r--r-- 1 root root 2468 Month dd hh:mm cert.pem

 9. Copy the certificate to the Java custom certificates directory (version in the path below is the JRE version directory that exists on the host; it is not changed):
 cp /tmp/cert.pem /opt/APG/Java/Sun-JRE/version/customcerts/
 10. Change to the custom certificates directory
 cd /opt/APG/Java/Sun-JRE/version/customcerts/
 11. Change the ownership of the certificate to the apg user:
 chown apg:apg cert.pem
 12. Verify the file ownership and permissions:
 ls -lart *.pem

 Expected output:

-rw-r--r-- 1 apg apg 2468 Month dd hh:mm cert.pem

 13. Run the following script to import the certificate:
 /opt/APG/bin/generate-java-truststore.sh

 Note: The script imports every certificate file in the customcerts directory, not only the one just copied. If the directory holds other certificate files that should not be imported, move them to a separate directory temporarily before running the script.

 Expected output:

 Generating the Java certificates...
 * Loading built-in Java certificates...
 * Merging custom certificates...
 * Saving certificates...
 * 1 custom certificate added.

 14. Once the certificate is imported, log in to the SRM Admin UI.
 15. Navigate to Users & Security > Authentication > Authentication Settings.
 16. Change the Connection URL from

 ldap://<FQDN_of_LDAP_Host>
 to
 ldaps://<FQDN_of_LDAP_Host>

 The host name in the URL must match a name in the LDAP server's certificate (its Subject Alternative Name or Common Name), so use the FQDN the certificate was issued for, not an IP address or a short name.

 Click Save

 17. SSH to the Frontend host and restart the Tomcat service so that the new truststore and connection URL take effect
 /opt/APG/bin/manage-modules.sh service restart tomcat

 18. Once Tomcat restarts, log back into the SRM Admin UI
 19. Navigate to Users & Security > Authentication > Authentication Settings
 20. Click Test Realm to verify the connection.
 21. If successful, LDAPS is now configured correctly for SRM. If the test fails, the usual causes are a host name in the URL that does not match the certificate, or an imported certificate that is not the CA that issued the LDAP server's certificate (or the server certificate itself, when the server does not send its chain).
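The capture-and-select part of the procedure (steps 2 to 6), as an added example that is not part of this article and is not SRM's own tooling: a POSIX shell script that captures the LDAPS server's chain without hanging, splits it into one file per certificate, prints each certificate's subject and issuer so the server certificate can be told apart from the CA, and verifies that the chosen CA file really validates the server certificate before it is copied into customcerts. It assumes openssl and awk are on the frontend host, that the LDAP server listens on port 636, and takes the host name from the command line; the cert-N.pem file names and the work directory are the script's own.

```shell
#!/bin/sh
# Added example, not part of the SRM article: capture an LDAPS server's
# certificate chain, split it into one PEM file per certificate, show
# which one is the server certificate and which is a CA, and check that
# the chosen CA certificate really validates the server before it is
# copied into the customcerts directory. Assumes openssl and awk are on
# the PATH and that the LDAP server listens on port 636.
set -eu

# Capture the chain. "</dev/null" closes s_client's stdin so it exits by
# itself instead of waiting for Ctrl+C; -servername sends the host name
# (SNI) so a server hosting several names returns the right certificate.
fetch_chain() {   # $1 = LDAP host FQDN, $2 = output file
    openssl s_client -showcerts -servername "$1" -connect "$1:636" \
        </dev/null 2>/dev/null >"$2" || true   # no-cert case handled below
}

# Split a capture into $2/cert-N.pem, N from 1, in the order the server
# sent them (its own certificate first, then the CAs). Prints the count.
split_chain() {   # $1 = capture file, $2 = output directory
    mkdir -p "$2"
    awk -v dir="$2" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = dir "/cert-" n ".pem" }
        out != ""                     { print > out }
        /-----END CERTIFICATE-----/   { close(out); out = "" }
        END                           { print n + 0 }
    ' "$1"
}

# Print subject, issuer and expiry of every certificate in a directory.
describe_chain() {   # $1 = directory written by split_chain
    for f in "$1"/cert-*.pem; do
        echo "$f"
        openssl x509 -in "$f" -noout -subject -issuer -enddate | sed 's/^/    /'
    done
}

# True when subject and issuer hashes match, i.e. the certificate is
# self-signed: a root CA, not a server or intermediate certificate.
is_self_signed() {   # $1 = PEM file
    [ "$(openssl x509 -in "$1" -noout -subject_hash)" = \
      "$(openssl x509 -in "$1" -noout -issuer_hash)" ]
}

# Verify a server certificate against a CA file; $3 may name a file of
# intermediate certificates. The exit status is the verdict.
verify_leaf() {   # $1 = CA PEM, $2 = server PEM, [$3 = intermediates PEM]
    if [ $# -ge 3 ]; then
        openssl verify -CAfile "$1" -untrusted "$3" "$2" >/dev/null 2>&1
    else
        openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
    fi
}

# Walk-through, run only when a host name is given, so the functions
# above can also be sourced on their own:  sh ldaps-cert.sh ldap.example.com
if [ $# -ge 1 ]; then
    host=$1
    work=$(mktemp -d)
    fetch_chain "$host" "$work/chain.txt"
    count=$(split_chain "$work/chain.txt" "$work/split")
    if [ "$count" -eq 0 ]; then
        echo "no certificate received from $host:636 (is LDAPS enabled?)" >&2
        exit 1
    fi
    describe_chain "$work/split"
    if [ "$count" -eq 1 ]; then
        echo "only the server certificate was sent. Importing it works, but must" \
             "be repeated when it is renewed; prefer the CA certificate."
        exit 0
    fi
    ca="$work/split/cert-$count.pem"        # last one sent = top of the chain
    if ! is_self_signed "$ca"; then
        echo "cert-$count is not self-signed: the server did not send its root CA." \
             "Obtain the root from the LDAP administrator and verify with it." >&2
        exit 1
    fi
    inter="$work/inter.pem"; : >"$inter"    # certificates between server and root
    i=2
    while [ "$i" -lt "$count" ]; do cat "$work/split/cert-$i.pem" >>"$inter"; i=$((i + 1)); done
    if [ "$count" -gt 2 ]; then
        verify_leaf "$ca" "$work/split/cert-1.pem" "$inter" && ok=1 || ok=0
    else
        verify_leaf "$ca" "$work/split/cert-1.pem" && ok=1 || ok=0
    fi
    if [ "$ok" -eq 1 ]; then
        echo "OK: $ca validates the server certificate; copy it to customcerts"
    else
        echo "FAILED: $ca does not validate the server certificate" >&2
        exit 1
    fi
fi
```

Run it as `sh ldaps-cert.sh <FQDN_of_LDAP_Host>` on the frontend host. The file it reports as OK is the one to copy to the customcerts directory in step 9; the subject/issuer listing it prints is the same information as the "s:" and "i:" lines in the raw s_client capture, just attached to a file name. Splitting with awk rather than copying by hand avoids the two common mistakes with step 6: pasting the server certificate instead of its CA, and losing or altering the BEGIN/END lines.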


Products

SRM