LDAPS - Multiple DC's/CA's

Hi guys,

I'm just starting to configure Identity Management for UNIX so that the Unix users can be controlled from the Windows 2012 AD environment.

These are new Unix servers, so there are currently no users on them that need mapping.

Anyway, I want to use LDAPS for authentication but I'm trying to work out how the SSL cert will work.

We have 4x Domain Controllers which have had the 'Identity Management for UNIX' component installed. Let's call them DC1, DC2, DC3 & DC4.

We have 2x CAs. CA1 is root, CA2 is subordinate.

The Server Authentication Certificate on DC1 has been issued by CA2, whereas the certificates on DC2, DC3 & DC4 have been issued by CA1.

They are all set to expire sometime in October 2014.

If I want to configure LDAPS on the Unix hosts so they can use 2-4 of the DCs for authentication, do I need to export the SSL cert from each of them? What will happen if the DCs change CAs in October when they renew? (Is that possible/probable?)
Asked by: lltc78
 
aces4all00 commented:
Are these standalone or enterprise (AD Integrated) CAs?

Either way, it doesn't really matter which CA issues the certificates as long as they're part of the same PKI domain (they share the same root CA).

The IBM Redbook "Integrating AIX into Heterogeneous LDAP Environments" should help quite a bit. The sections dealing with MS AD start around page 217. It's centered around AIX 5.3L but you should be able to adapt it for your Unix version. It can be downloaded at http://publib-b.boulder.ibm.com/abstracts/sg247165.html?Open
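
The answer's point about a shared root CA, as an added example that is not part of the original thread: a throwaway lab PKI shaped like the one in the question (CA1 root, CA2 subordinate, DC1 issued by CA2, DC2 issued by CA1), verified with only CA1 trusted. The host names, file names and the helper functions `issue`, `build_lab_pki` and `verify_dc` are constructed for illustration, and the sketch assumes the CA2 certificate reaches the client alongside DC1's certificate (presented by the server or installed on the host).

```shell
#!/usr/bin/env bash
# Constructed lab PKI mirroring the thread: CA1 is the root, CA2 is subordinate,
# DC1's certificate comes from CA2 and DC2's from CA1. All names are sample values.
set -eu

# issue <dir> <name> <subject CN> <issuer name> <extension section> <serial>
issue() {
  openssl req -new -newkey rsa:2048 -nodes -config "$1/pki.cnf" -subj "/CN=$3" \
    -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
  openssl x509 -req -in "$1/$2.csr" -CA "$1/$4.pem" -CAkey "$1/$4.key" \
    -set_serial "$6" -days 30 -sha256 -extfile "$1/pki.cnf" -extensions "$5" \
    -out "$1/$2.pem" 2>/dev/null
}

# build_lab_pki <dir>: writes ca1, ca2, dc1 and dc2 keys and certificates into <dir>
build_lab_pki() {
  printf '%s\n' '[req]' 'distinguished_name=dn' '[dn]' \
    '[ca]' 'basicConstraints=critical,CA:TRUE' 'keyUsage=keyCertSign,cRLSign' \
    '[dc]' 'basicConstraints=CA:FALSE' 'extendedKeyUsage=serverAuth' > "$1/pki.cnf"
  # CA1: self-signed root, the only certificate the Unix host is told to trust
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 -sha256 -config "$1/pki.cnf" \
    -extensions ca -subj "/CN=CA1 Root" -keyout "$1/ca1.key" -out "$1/ca1.pem" 2>/dev/null
  issue "$1" ca2 "CA2 Subordinate" ca1 ca 2
  issue "$1" dc1 "dc1.example.test" ca2 dc 3   # DC1 issued by the subordinate
  issue "$1" dc2 "dc2.example.test" ca1 dc 4   # DC2 issued directly by the root
}

# verify_dc <trusted root> <DC cert> [intermediate supplied with the DC cert]
# Returns 0 only if the DC certificate chains to the trusted root.
verify_dc() {
  if [ $# -ge 3 ]; then
    openssl verify -CAfile "$1" -untrusted "$3" "$2" >/dev/null 2>&1
  else
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
  fi
}

demo() {
  d=$(mktemp -d)
  build_lab_pki "$d"
  verify_dc "$d/ca1.pem" "$d/dc2.pem" && echo "DC2 (issued by CA1): trusted"
  verify_dc "$d/ca1.pem" "$d/dc1.pem" "$d/ca2.pem" && echo "DC1 (issued by CA2, chain supplied): trusted"
  verify_dc "$d/ca1.pem" "$d/dc1.pem" || echo "DC1 without the CA2 certificate: rejected"
  rm -rf "$d"
}
demo
```

Against a real DC, `openssl s_client -connect <dc>:636 -CAfile <root.pem>` reports the verify result for the chain that DC presents.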
 
lltc78 (Author) commented:
Just a quick question.
Does this even need LDAP for authentication or does it use Kerberos for that and LDAP for searches only?
 
aces4all00 commented:
You can configure it to work either way, or to try Kerberos first then fault to LDAP for auth.