Configure LDAP clients to use TLS for highest security
Before you upgrade ONTAP, you must reconfigure any LDAP clients that use SSLv3 for secure communications with LDAP servers so that they use TLS instead. SSL will not be available after the upgrade.
By default, LDAP communications between client and server applications are not encrypted. You must disallow the use of SSL and enforce the use of TLS.
1. Verify that the LDAP servers in your environment support TLS.
   If they do not, do not proceed. You should upgrade your LDAP servers to a version that supports TLS.
2. Check which ONTAP LDAP client configurations have LDAP over SSL/TLS enabled:
   vserver services name-service ldap client show
   If there are none, you can skip the remaining steps. However, you should consider using LDAP over TLS for better security.
3. For each LDAP client configuration, disallow SSL to enforce the use of TLS:
   vserver services name-service ldap client modify -vserver <vserver_name> -client-config <ldap_client_config_name> -allow-ssl false
4. Verify that the use of SSL is no longer allowed for any LDAP clients:
   vserver services name-service ldap client show
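
The check, modify and verify steps above, as an added example that is not part of the NetApp procedure: a shell helper that turns a three-column inventory (vserver, client configuration, allow-ssl value) into the modify commands shown above. The column layout and the sample rows are constructed assumptions, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: generate the "-allow-ssl false" modify commands from an
# inventory of LDAP client configurations. The three-column layout is an
# assumption; transcribe it from the show output of your own cluster.

# Constructed sample inventory, not real cluster output.
sample_inventory() {
cat <<'EOF'
vserver  client-config  allow-ssl
-------  -------------  ---------
vs1      corp_ldap      true
vs2      lab_ldap       false
vs3      legacy_ldap    true
vs4      odd;name       true
EOF
}

# Print one modify command per configuration that still allows SSL.
# Rows whose names contain characters outside [A-Za-z0-9_.-] are reported
# on stderr and skipped, so nothing unexpected is pasted into the CLI.
gen_modify_cmds() {
    awk '
    NF == 0 { next }                                        # blank line
    NR <= 2 && ($1 == "vserver" || $1 ~ /^-+$/) { next }    # header and rule
    NF != 3 { printf "skip line %d: expected 3 columns\n", NR > "/dev/stderr"; next }
    $3 != "true" { next }                                   # already TLS-only
    $1 !~ /^[A-Za-z0-9_.-]+$/ || $2 !~ /^[A-Za-z0-9_.-]+$/ {
        printf "skip line %d: unexpected characters in name\n", NR > "/dev/stderr"; next
    }
    { printf "vserver services name-service ldap client modify -vserver %s -client-config %s -allow-ssl false\n", $1, $2 }
    '
}

# Count configurations that still allow SSL; 0 means the final
# verification step passes.
count_ssl_allowed() {
    awk '$3 == "true" { n++ } END { print n + 0 }'
}
```

Pipe the inventory through `gen_modify_cmds` to get the commands to review and run, then rebuild the inventory and confirm that `count_ssl_allowed` prints 0.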