Comware

 View Only
last person joined: 4 days ago 

Expand all | Collapse all

Authentication for SSH users by an LDAPS

This thread has been viewed 15 times
  • 1.  Authentication for SSH users by an LDAPS

    Posted Apr 08, 2022 04:24 PM
    LDAP for ssh authentication works fine.
    ip 10.10.10.10 port 389

    Does the HP flexFabric 5700, 5800 support LDAPS? The LDAPS  always displays "access denied"
    ip 10.10.10.10 port 636

    I followed the instructions to setup LDAP:

    HPE FlexFabric 5710 Switch Series Security Configuration Guide
    https://techhub.hpe.com/eginfolib/networking/docs/switches/5710/5200-5002_security_cg/content/index.htm

    reagrds
    medera

    ------------------------------
    ana medera
    ------------------------------


  • 2.  RE: Authentication for SSH users by an LDAPS

    Posted Apr 29, 2022 02:29 AM
    Configure the switch to meet the following requirements:
    • Use the LDAP server to authenticate SSH users.
    • Assign the level-0 user role to SSH users after they pass authentication.


    ------------------------------
    James Gross
    ------------------------------



  • 3.  RE: Authentication for SSH users by an LDAPS

    EMPLOYEE
    Posted Apr 29, 2022 02:58 AM
    In the documentation for 5700 and 58xx series (BTW, 58xx are running Comware 5, old and unsupported) there is no mention for LDAPS or LDAP over TLS. The command 'protocol-version' has only two arguments: 'v2' and 'v3', so I am afraid when you point the port 636, the switch tries to use clear-text LDAP on that port, not TLS, that is the most probable cause why it fails.

    ------------------------------
    Ivan Bondar
    ------------------------------