Enable Lightweight Directory Access Protocol signing and sealing
-
PDF of this doc site
- Cluster administration
-
Volume administration
-
Logical storage management with the CLI
-
Logical storage management with the CLI
-
NAS storage management
-
Configure NFS with the CLI
-
Manage NFS with the CLI
-
Manage SMB with the CLI
- Manage file access using SMB
-
Configure NFS with the CLI
- Security and data encryption
-
Data protection and disaster recovery
Collection of separate PDF docs
Creating your file...
Signing and sealing are supported to enable session security on queries to an LDAP server. This approach provides an alternative to LDAP-over-TLS session security.
Signing confirms the integrity of LDAP payload data using secret key technology. Sealing encrypts the LDAP payload data to avoid transmitting sensitive information in clear text. The session security settings on an SVM correspond to those available on the LDAP server. By default, LDAP signing and sealing are disabled.
-
To enable this function, run the
vserver cifs security modify
command with thesession-security-for-ad-ldap
parameter.Options for LDAP security functions:
-
None: Default, no signing or sealing
-
Sign: Sign LDAP traffic
-
Seal: Sign and encrypt LDAP traffic
The sign and seal parameters are cumulative, meaning that if the sign option is used, the outcome is LDAP with signing. However, if the seal option is used, the outcome is both sign and seal. In addition, if a parameter is not specified for this command, the default is none. The following is an example configuration:
cluster1::> vserver cifs security modify -vserver vs1 -kerberos-clock-skew 3 -kerberos-ticket-age 8 -session-security-for-ad-ldap seal
-