Skip to main content

LDAP signing and sealing concepts

Contributors netapp-ahibbard netapp-thomi

Beginning with ONTAP 9, you can configure signing and sealing to enable LDAP session security on queries to an Active Directory (AD) server. You must configure the NFS server security settings on the storage virtual machine (SVM) to correspond to those on the LDAP server.

Signing confirms the integrity of the LDAP payload data using secret key technology. Sealing encrypts the LDAP payload data to avoid transmitting sensitive information in clear text. An LDAP Security Level option indicates whether the LDAP traffic needs to be signed, signed and sealed, or neither. The default is none. test

LDAP signing and sealing on SMB traffic is enabled on the SVM with the -session-security-for-ad-ldap option to the vserver cifs security modify command.