How do I enable secure access for remote LDAP users?

CAUTION 

Service Disruption

Performing the procedure requires a restart of each main server in the NFM-P system, which is service-affecting.

You must perform the procedure only during a scheduled maintenance period.

Note: In a redundant system, you must perform the procedure on the standby main server station first.

Note: The remote LDAP server must be operational and accessible to the NFM-P when you perform the procedure.

Note: Because of a Java update that enables endpoint identification on each LDAPS connection, an NFM-P system may no longer be able to connect to a secured LDAP server after you upgrade the NFM-P system. In such a case, you must populate the Subject Alternative Name (SAN) field in the LDAP server TLS certificate with the LDAP server IP address, as required by the CA.

If you need to disable NFM-P endpoint verification, contact technical support for assistance.
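
The SAN requirement in the note above can be checked before the maintenance window. The following is an added example, not part of the NFM-P documentation or tooling: it assumes openssl is available on the station and an IPv4 address; the function names are hypothetical and the sample certificate text is constructed.

```bash
#!/usr/bin/env bash
# Added example (not NFM-P tooling): check that an LDAPS server certificate
# lists the server IP as an iPAddress SAN entry. Function names are hypothetical.

# Read `openssl x509 -noout -text` output on stdin and print each
# "IP Address:" SAN entry, one per line. DNS entries are skipped on purpose:
# an IP-based connection is only satisfied by an iPAddress entry.
san_ip_entries() {
  awk '/X509v3 Subject Alternative Name/ {
         getline; n = split($0, e, /, */)
         for (i = 1; i <= n; i++) {
           gsub(/^[ \t]+/, "", e[i])
           if (e[i] ~ /^IP Address:/) print substr(e[i], 12)
         }
       }'
}

# usage: san_has_ip IP < cert_text ; exit 0 only on an exact, whole-entry match
san_has_ip() {
  san_ip_entries | grep -Fxq -- "$1"
}

# usage: check_ldaps_san IP_address port ; fetches the live certificate (IPv4)
check_ldaps_san() {
  openssl s_client -connect "$1:$2" </dev/null 2>/dev/null \
    | openssl x509 -noout -text \
    | san_has_ip "$1"
}

# Constructed sample of openssl text output (not from a real server).
SAMPLE_CERT_TEXT='        X509v3 extensions:
            X509v3 Subject Alternative Name: 
                DNS:ldap.example.test, DNS:192.0.2.1, IP Address:192.0.2.10'

for ip in 192.0.2.10 192.0.2.1; do
  if printf '%s\n' "$SAMPLE_CERT_TEXT" | san_has_ip "$ip"; then
    echo "$ip: present as iPAddress SAN"
  else
    echo "$ip: missing, LDAPS endpoint identification would fail"
  fi
done
```

Running check_ldaps_san with the same IP_address and port that are passed to add_to_keystore returns non-zero when the IP address is absent from the SAN.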

Steps
 

Log in as the nsp user on the main server station.


Open a console window.


Navigate to the /opt/nsp/nfmp/server/nms/bin directory.


Enter the following to import the LDAP server TLS certificate to the NFM-P keystore:

bash$ ./nmsserver.bash add_to_keystore IP_address port

where

IP_address is the LDAP server IP address

port is the LDAP server port

The script prompts you for the keystore alias.


Press ↵ to accept the default.

The script prompts you for the keystore password.


Enter the keystore password.

The certificate is imported to the keystore.


Restart the main server.

Note: When you restart the primary main server in a redundant system, a server activity switch occurs, and the standby main server assumes the primary role.

  1. Enter the following:

    bash$ ./nmsserver.bash force_restart ↵

    The main server restarts.

  2. If you are restarting the standby main server in a redundant system, enter the following to display the server status:

    bash$ ./nmsserver.bash appserver_status ↵

    The server status is displayed; the server is fully initialized if the status is the following:

    Application Server process is running.  See nms_status for more detail.

    If the server is not fully initialized, wait five minutes and then repeat this step. Do not perform the next step until the server is fully initialized.


Close the console window.

End of steps