Cisco Headend System Release 2.7
Appendix A
Enable the LDAP Client with TLS Authentication
4017610 Rev A
8 Type the following and press Enter to import the Root CA certificate into the
certificate database.
Note: This command uses the line continuation character (\) to indicate that the
command continues on the subsequent line.
LDAP_Client# /usr/sfw/bin/certutil -A -a -i /var/tmp/cacert.pem -n \
"RootCA" -t "CT" -d /var/ldap
9 Did the system execute the previous command correctly?
If yes, continue with the next step in this procedure.
If no, contact Cisco Services and provide a screen capture from the above
command.
10 Initialize the LDAP client by typing the following and pressing Enter.
Note: This command uses the line continuation character (\) to indicate that the
command continues on the subsequent line.
LDAP_Client# ldapclient -vv init \
-a profileName=tls_simple_profile \
-a proxyDN=cn=readonly,dc=example,dc=com -a proxyPassword=secret \
-a certificatePath=/var/ldap \
-a domainName=example.com \
-a "defaultServerList=ldapsrvr"
11 Did the system execute the previous command correctly?
If yes, continue with the next step in this procedure.
If no, contact Cisco Services and provide a screen capture from the above
command.
12 Use a text editor such as vi to open the /etc/nsswitch.conf file and add the ldap
tag only to the passwd, group, and netgroup entries, as shown in the following
example:
passwd: files ldap
group: files ldap
netgroup: ldap
13 Save and close the /etc/nsswitch.conf file.
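A check for step 12, added here as an example and not part of the Cisco procedure: it reads an nsswitch.conf on standard input and reports any database other than passwd, group, and netgroup that lists ldap, and any of those three that does not. The function names, message strings, and sample file are constructed for illustration, and a POSIX awk is assumed.

```shell
#!/bin/sh
# Added example: audit nsswitch.conf against step 12 (ldap only on passwd,
# group, netgroup). Assumption: a POSIX awk. On Solaris the legacy
# /usr/bin/awk lacks sub/gsub, so run with AWK=nawk or AWK=/usr/xpg4/bin/awk.

# check_nsswitch: reads nsswitch.conf on stdin, prints one line per
# deviation, returns 0 when the file matches step 12 and 1 otherwise.
check_nsswitch() {
    "${AWK:-awk}" '
        BEGIN { want["passwd"]; want["group"]; want["netgroup"] }
        {
            sub(/#.*/, "")                      # drop comments
            c = index($0, ":")
            if (c == 0) next                    # not a database line
            db = substr($0, 1, c - 1); gsub(/[ \t]/, "", db)
            if (db == "") next
            n = split(substr($0, c + 1), tok, " ")
            has = 0
            for (i = 1; i <= n; i++) if (tok[i] == "ldap") has = 1
            seen[db] = 1
            if (db in want) {
                if (!has) { print "MISSING ldap: " db; bad = 1 }
            } else if (has) {
                print "UNEXPECTED ldap: " db; bad = 1
            }
        }
        END {
            for (db in want)
                if (!(db in seen)) { print "NO ENTRY: " db; bad = 1 }
            exit bad + 0
        }
    '
}

# Constructed sample, not taken from a real host: hosts has picked up the
# ldap tag and netgroup never received it.
sample_drifted() {
    cat <<'EOF'
passwd:     files ldap
group:      files ldap
hosts:      files dns ldap   # left over from a default LDAP template
netgroup:   files
EOF
}

sample_drifted | check_nsswitch || echo "nsswitch.conf deviates from step 12"
```

On the client itself, run `check_nsswitch < /etc/nsswitch.conf` after step 13.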