Tripp Lite B0930082E4U Owners Manual for B093- B097- and B098-Series Console S - Page 173
Server Address, Server Protocol, LDAP over SSL preferred, LDAP over SSL only, LDAP no SSL only,
View all Tripp Lite B0930082E4U manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 173 highlights
9. Authentication • Enter the Server Address (IP or host name) of the remote authentication server. Multiple remote servers may be specified in a comma-separated list. Each server is tried in succession. • Check the Server Protocol box to select if SSL is to be used and/or enforced for communications with the LDAP server. Console servers running firmware version 3.11 and above offer three options for LDAPS (LDAP over SSL): o LDAP over SSL preferred: will attempt to use SSL for authentication. If it fails, it will default to LDAP without SSL. For example, LDAP over SSL may fail due to certificate errors or the LDAP server cannot be contacted on the LDAPS port. o LDAP over SSL only: will configure the Tripp Lite device to only accept LDAP over SSL. If LDAP over SSL fails, you will only be able to log into the console server as root. o LDAP (no SSL) only: will configure the Tripp Lite device to only accept LDAP without SSL. If LDAP without SSL fails, you will only be able to log into the console server as root. • The Ignore SSL Certificate Error checkbox enables you to ignore SSL certificate errors, in effect allowing LDAP over SSL to work, regardless of these errors. You can use any certificate, self-signed or otherwise, on the LDAP server without having to install any certificates on the console server. If this setting is not checked, you must install the CA (certificate authority) certificate with which the LDAP server's certificate was signed onto the console server. For example, the LDAP server provides a certificate signed myCA.crt. Note: The certificate needs to be in CRT format and myCA.crt needs to be installed on console server at /etc/config/ldaps_ca.crt. Also, the file name must be ldaps_ca.crt. You will need to copy the file to this location and manually name using 'scp' or the like. Some examples include: scp /local/path/to/myCA.c rt root@console_server:/etc/config/ldaps_ca.crt 173