(Optional) Enforcing secure access by using LDAP
If your company policy requires secure access, you can use a certificate with your LDAP service to set up secure access for your users. For example, you can configure Active Directory (AD) accounts to manage External Authentication for users or user groups. The user interface to enable AD includes a Secure option, which enforces certificate-based security. For more information, see Managing User Accounts.
If your LDAP service uses a certificate that is signed by a Certificate Authority (CA), that certificate should support this feature as it is. Simply turn on the Secure option when you set up your AD connection.
If your LDAP service uses a self-signed certificate, then you must install that certificate on the Turbonomic authorization pod. The steps you will perform include:
- Get the certificate from your LDAP server
- Import the certificate to the platform's TrustStore
- Add the certificate to the Turbonomic platform's authorization pod
- Enable the TrustStore in the Turbonomic platform's Operator chart
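To tell which of the two cases above applies, you can inspect the certificate that the LDAP server presents. The following script is an added example, not part of the Turbonomic documentation or product; it assumes LDAPS on port 636, `openssl` on the PATH, and a hypothetical host name `ldap.example.test`, and its function names are illustrative.

```shell
#!/bin/sh
# Added example: decide which case on this page applies to an LDAP server certificate.
# Assumptions (not from the page): LDAPS on port 636, openssl on the PATH,
# and the hypothetical host name ldap.example.test.

# Save the server's leaf certificate as PEM. Needs network access to the LDAP server.
fetch_ldap_cert() {  # usage: fetch_ldap_cert HOST [PORT] > cert.pem
    openssl s_client -connect "$1:${2:-636}" -servername "$1" </dev/null 2>/dev/null |
        openssl x509 -outform PEM
}

# Print "self-signed" when subject and issuer are the same name, else "ca-signed".
# This compares names only; it does not verify the signature.
cert_kind() {
    subj=$(openssl x509 -noout -subject_hash -in "$1") || return 1
    issr=$(openssl x509 -noout -issuer_hash -in "$1") || return 1
    if [ "$subj" = "$issr" ]; then echo self-signed; else echo ca-signed; fi
}

# SHA-256 fingerprint, to compare out of band with the value read on the LDAP server
# before the certificate is imported into any TrustStore.
cert_fingerprint() {
    openssl x509 -noout -fingerprint -sha256 -in "$1" | cut -d= -f2
}

# Map the certificate to the action this page describes for it.
next_step() {
    case "$(cert_kind "$1")" in
        self-signed) echo "install the certificate on the authorization pod, then turn on Secure" ;;
        ca-signed)   echo "turn on Secure in the AD connection" ;;
        *)           return 1 ;;
    esac
}

# Runs only when LDAP_HOST is set, e.g. LDAP_HOST=ldap.example.test sh check-ldap-cert.sh
if [ -n "${LDAP_HOST:-}" ]; then
    tmp=$(mktemp) && fetch_ldap_cert "$LDAP_HOST" > "$tmp" &&
        echo "$(cert_kind "$tmp") $(cert_fingerprint "$tmp"): $(next_step "$tmp")"
    rm -f "$tmp"
fi
```

A certificate fetched over the network is only as trustworthy as the path it came over, so confirm the printed fingerprint with the LDAP administrator before importing the certificate.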
The procedure to install the certificate is different depending on the version of Turbonomic that you initially installed, or whether you are using Red Hat OpenShift.
- If you initially installed Turbonomic 8.1.5 or later, see 8.1.5 or Later OVA: Installing a Self-signed Certificate.
- If you initially installed Turbonomic 8.1.4 or earlier, see 8.1.4 or Earlier OVA: Installing a Self-signed Certificate.
- If you installed Turbonomic using Red Hat OpenShift, see Red Hat OpenShift: Installing a Self-signed Certificate.
kubectl describe pod auth <TAB>
  auth-secret:
    Type:        Secret (a volume populated by a Secret)
    SecretName:  auth-secret
    Optional:    true
If you do not see that line, use the 8.1.4 or Earlier OVA: Installing a Self-signed Certificate steps.