(Optional) Enforcing secure access by using LDAP

If your company policy requires secure access, you can use a certificate with your LDAP service to set up secure access for your users. For example, you can configure Active Directory (AD) accounts to manage External Authentication for users or user groups. The user interface to enable AD includes a Secure option, which enforces certificate-based security. For more information, see Managing User Accounts.

If your LDAP service uses a Certificate Authority (CA), then a certificate signed by that CA should support this feature as is. Simply turn on the Secure option when you set up your AD connection.

If your LDAP service uses a self-signed certificate, then you must install that certificate on the Turbonomic authorization pod. The steps you will perform include:

  • Get the certificate from your LDAP server

  • Import the certificate to the platform's TrustStore

  • Add the certificate to the Turbonomic platform's authorization pod

  • Enable the TrustStore in the Turbonomic platform's Operator chart

The procedure to install the certificate is different depending on the version of Turbonomic that you initially installed, or whether you are using Red Hat OpenShift.

Note:
To determine when your Turbonomic instance was initially installed, you can run a describe on the auth pod to see if the instance is using gluster. Run the following command:
    kubectl describe pod auth <TAB>
If the output includes the following entry, continue using the 8.1.5 or Later OVA: Installing a Self-signed Certificate steps:
    auth-secret:
        Type:        Secret (a volume populated by a Secret)
        SecretName:  auth-secret
        Optional:    true

If you do not see that entry, use the 8.1.4 or Earlier OVA: Installing a Self-signed Certificate steps.
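
A scripted version of the check in the note, as an added example that is not part of the Turbonomic documentation: it reads `kubectl describe pod` output and counts the auth-secret entry only when it appears as a Secret volume in the Volumes section, so a mention elsewhere in the output (for example, in a Mounts line) does not decide the result. The function names and the sample output (pod names, mount path) are constructed for illustration.

```shell
# Added example, not Turbonomic code. Reads `kubectl describe pod` output on
# stdin; succeeds only if Volumes declares a Secret volume named auth-secret.
has_auth_secret_volume() {
    awk '
        # A line starting in column 1 opens a new top-level section.
        /^[^ \t]/ { in_volumes = ($1 == "Volumes:"); vol = ""; next }
        !in_volumes { next }
        # Volume names sit at two-space indent and end with a colon.
        /^  [^ \t].*:[ \t]*$/ { vol = $1; sub(/:$/, "", vol); is_secret = 0; next }
        vol != "auth-secret" { next }
        $1 == "Type:" && $2 == "Secret" { is_secret = 1 }
        $1 == "SecretName:" && $2 == "auth-secret" && is_secret { found = 1 }
        END { exit(found ? 0 : 1) }
    '
}

# Map the result to the procedure names used in the note above.
which_procedure() {
    if has_auth_secret_volume; then
        echo "8.1.5 or Later OVA"
    else
        echo "8.1.4 or Earlier OVA"
    fi
}

# Constructed sample output (pod names and mount path are made up).
sample_with_secret() {
    cat <<'EOF'
Name:         auth-6c9f7d5b8-abcde
Containers:
  auth:
    Mounts:
      /vault/secrets from auth-secret (ro)
Volumes:
  auth-secret:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  auth-secret
    Optional:    true
QoS Class:    Burstable
EOF
}
sample_without_secret() {
    cat <<'EOF'
Volumes:
  default-token-abcde:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  default-token-abcde
QoS Class:    Burstable
EOF
}
```

To use it against a live instance, pipe the describe output into the function: `kubectl describe pod <auth-pod-name> | which_procedure`, where `<auth-pod-name>` is a placeholder for the full name of your auth pod.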