Configure LDAP clients to use TLS for highest security

Download PDF of this page

Before upgrading to the target ONTAP release, you must configure LDAP clients using SSLv3 for secure communications with LDAP servers to use TLS. SSL will not be available after the upgrade.

By default, LDAP communications between client and server applications are not encrypted. You must disallow the use of SSL and enforce the use of TLS.

  1. Verify that the LDAP servers in your environment support TLS.

    If they do not, do not proceed. You should upgrade your LDAP servers to a version that supports TLS.

  2. Check which ONTAP LDAP client configurations have LDAP over SSL/TLS enabled: vserver services name-service ldap client show

    If there are none, you can skip the remaining steps. However, you should consider using LDAP over TLS for better security.

  3. For each LDAP client configuration, disallow SSL to enforce the use of TLS: vserver services name-service ldap client modify -vserver vserver_name -client-config ldap_client_config_name -allow-ssl false

  4. Verify that the use of SSL is no longer allowed for any LDAP clients: vserver services name-service ldap client show

Related information