How To
Summary
This document describes how to remove HMC ldap configuration and reconfigure it.
Objective
LDAP Configuration nslcd.conf has incorrect permissions. This configuration prevents configuration changes from being saved.
Steps
Then, reconfigure LDAP by HMC commands:
HMC Manual Reference Pages - GETFILE (1)
getfile -t {krbkeyfile | ldapcacert | rsyslogcacert | rsysloghmccert | rsysloghmckey} -l {l | s} -f file [-h host-name -u user-ID [--passwd password] [-k SSH-private-key]] [--help]
Example:
Get the LDAP CA certificate file locally from the user’s home directory, then deploy the file on the HMC:
getfile -t ldapcacert -l l -f <full-path-to-cert-file>
Note:
You have to import the certificate of the certification authority (CA) who signed the LDAP server's certificate first. This operation can't be done by using the GUI, right now there is a panel called "Manage Certificates" but this only deals with certificates for the HMC itself, not for LDAP servers. Therefore, one has to import the certificate on the command line, this action can be done with the command stated previously.
HMC understands certificates in a PEM and DER formats. If you have certificate in p7b format, you might want to convert it using one of the following commands on your workstation before you can import on HMC:
openssl pkcs7 -print_certs -in certificate.p7b -out certificate.cer
openssl pkcs7 -in file.p7b -outform DER -out file.der
openssl pkcs7 -in file.p7b -outform PEM -out file.pem
Related Information
Document Location
Worldwide
Was this topic helpful?
Document Information
Modified date:
29 December 2022
UID
ibm16395496