The LDAP - TLS Profile is used to add the Domain Controller root certificate to the SBC.
Command Syntax
To configure ldapTlsProfile
set profiles security ldapTlsProfile <Profile Name> ldapCaCerts <PkiRootCertificateFile Name>
To delete AD Root certificate
delete profiles security ldapTlsProfile defaultLdapTlsProfile ldapCaCerts <Certificate Name>
Command Parameters
The parameters ldapTlsProfile and ldapCaCerts are described below:
| Parameter | Length/Range | Default | Description | M/O |
|---|---|---|---|---|
ldapTlsProfile | N/A | defaultLdapTlsProfile |
| M |
ldapCaCerts | N/A | N/A | <profile name> – The name of CA certificate referred to by the LDAP-TLS profile. | M |
Command Example
Note
Ensure you perform the following steps before you perform the configuration.
- Load the root certificate to
/opt/sonus/externaldirectory by copying the downloaded certificate file or through the EMA. - Convert the root certificate file into .der file:
openssl x509 -inform PEM -in <infile.cer> -outform DER -out <outfile>.der.
- To configure the AD root certificate:
set system security pki certificate PkiCert type remote fileName ldapFirst.der state enabled
- To configure the LdapTlsProfile:
set profiles security ldapTlsProfile defaultLdapTlsProfile ldapCaCerts PkiCert
- To delete the AD root certificate:
delete profiles security ldapTlsProfile defaultLdapTlsProfile ldapCaCerts PkiCert
Overview
Content Tools