Comware

Hello,

I am new to HPE. I am trying to integrate LDAP 636 between HPE 10508 and our AD server. I couldn't find and documentation of how to import a certificate to 10508 switch. 
Can any one help me with that please.

Thanks
Hassan

Hi Hassan,

Check this version of Security Configuration Guide - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=c05368314 , section "Configuring PKI". However, I foresee the issue with LDAPS (LDAP over TLS, at least since you mentioned '636' it must be a port number that LDAPS uses), because as far as I know this switch doesn't support it.



------------------------------
Ivan Bondar
------------------------------

Original Message:
Sent: Jun 09, 2022 03:16 PM
From: Hassan Shamat
Subject: How to import a certificate to 10508 switch


Hello,

I am new to HPE. I am trying to integrate LDAP 636 between HPE 10508 and our AD server. I couldn't find and documentation of how to import a certificate to 10508 switch. 
Can any one help me with that please.

Thanks
Hassan

Hi Ivan,

Thank you for your response. So you are saying, 10508 switch doesn't support secure LDAP? 

Thank you
Hassan
Original Message:
Sent: Jun 15, 2022 07:18 AM
From: Ivan ivan.bondar@hpe.com
Subject: How to import a certificate to 10508 switch

Hi Hassan,

Check this version of Security Configuration Guide - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=c05368314 , section "Configuring PKI". However, I foresee the issue with LDAPS (LDAP over TLS, at least since you mentioned '636' it must be a port number that LDAPS uses), because as far as I know this switch doesn't support it.



------------------------------
Ivan Bondar

Original Message:
Sent: Jun 09, 2022 03:16 PM
From: Hassan Shamat
Subject: How to import a certificate to 10508 switch


Hello,

I am new to HPE. I am trying to integrate LDAP 636 between HPE 10508 and our AD server. I couldn't find and documentation of how to import a certificate to 10508 switch. 
Can any one help me with that please.

Thanks
Hassan

Yes, at least neither release notes nor configuration guides have any mention about LDAP over TLS (or LDAPS). What they say they support is clear-text LDAP v2 or v3.

------------------------------
Ivan Bondar
------------------------------

Original Message:
Sent: Jun 15, 2022 10:57 AM
From: Hassan Shamat
Subject: How to import a certificate to 10508 switch

Hi Ivan,

Thank you for your response. So you are saying, 10508 switch doesn't support secure LDAP? 

Thank you
Hassan
Original Message:
Sent: Jun 15, 2022 07:18 AM
From: Ivan ivan.bondar@hpe.com
Subject: How to import a certificate to 10508 switch

Hi Hassan,

Check this version of Security Configuration Guide - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=c05368314 , section "Configuring PKI". However, I foresee the issue with LDAPS (LDAP over TLS, at least since you mentioned '636' it must be a port number that LDAPS uses), because as far as I know this switch doesn't support it.



------------------------------
Ivan Bondar

Original Message:
Sent: Jun 09, 2022 03:16 PM
From: Hassan Shamat
Subject: How to import a certificate to 10508 switch


Hello,

I am new to HPE. I am trying to integrate LDAP 636 between HPE 10508 and our AD server. I couldn't find and documentation of how to import a certificate to 10508 switch. 
Can any one help me with that please.

Thanks
Hassan

Thank you Ivan. I've been looking for quite sometime now.
Original Message:
Sent: Jun 15, 2022 07:18 AM
From: Ivan ivan.bondar@hpe.com
Subject: How to import a certificate to 10508 switch

Hi Hassan,

Check this version of Security Configuration Guide - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=c05368314 , section "Configuring PKI". However, I foresee the issue with LDAPS (LDAP over TLS, at least since you mentioned '636' it must be a port number that LDAPS uses), because as far as I know this switch doesn't support it.



------------------------------
Ivan Bondar

Original Message:
Sent: Jun 09, 2022 03:16 PM
From: Hassan Shamat
Subject: How to import a certificate to 10508 switch


Hello,

I am new to HPE. I am trying to integrate LDAP 636 between HPE 10508 and our AD server. I couldn't find and documentation of how to import a certificate to 10508 switch. 
Can any one help me with that please.

Thanks
Hassan

Hi Ivan,

I tried to configure LDAP plain connection "using port 389" with the below configuration, but still unable to authenticate using LDAP. Am I missing something here? I have checked the documentation you shared and followed the exampled mentioned.  
I am configuring this on {HPE Comware Software, Version 7.1.070, Release 7557P03
Copyright (c) 2010-2017 Hewlett Packard Enterprise Development LP
HP 10508  }



system-view
local-user admin class manage
password simple P@ssw0rD123!!!
service-type ssh
authorization-attribute user-role network-admin
authorization-attribute user-role network-operator
quit
public-key local create rsa
public-key local create dsa
ssh server enable
line vty 0 63
authentication-mode scheme
protocol inbound ssh
quit
ldap server hpe-LDAP
ip 192.168.1.10
ip 192.168.1.11
login-dn CN=netuser,OU=Network_admins,OU=Primary,OU=Data,DC=mydomain,DC=ca
login-password simple LD@P!!@@##
search-base-dn DC=mydomain,DC=ca
quit
ldap scheme HPE-LDAP-SCHEME
authentication server HPE-LDAP
quit
domain mydomain
authentication login ldap-scheme HPE-LDAP-SCHEME local
authorization login none
accounting loging none
user-name-format without-domain
quit
save force


Thank you, I appreciate your help
Hassan
Original Message:
Sent: Jun 15, 2022 07:18 AM
From: Ivan ivan.bondar@hpe.com
Subject: How to import a certificate to 10508 switch

Hi Hassan,

Check this version of Security Configuration Guide - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=c05368314 , section "Configuring PKI". However, I foresee the issue with LDAPS (LDAP over TLS, at least since you mentioned '636' it must be a port number that LDAPS uses), because as far as I know this switch doesn't support it.



------------------------------
Ivan Bondar

Original Message:
Sent: Jun 09, 2022 03:16 PM
From: Hassan Shamat
Subject: How to import a certificate to 10508 switch


Hello,

I am new to HPE. I am trying to integrate LDAP 636 between HPE 10508 and our AD server. I couldn't find and documentation of how to import a certificate to 10508 switch. 
Can any one help me with that please.

Thanks
Hassan

It's been a long time since I played with LDAP, at first glance configuration looks fine, but check a couple of things:

- IPs 192.168.1.10 and .11 are reachable from the switch. If ICMP is not filtered on the server, just ping them.
- You log in with the domain name. Since you have configured 'domain mydomain' In your case it is '@mydomain', not '@mydomain.ca'. For example 'network-admin@mydomain'.

------------------------------
Ivan Bondar
------------------------------

Original Message:
Sent: Jun 22, 2022 11:03 AM
From: Hassan Shamat
Subject: How to import a certificate to 10508 switch

Hi Ivan,

I tried to configure LDAP plain connection "using port 389" with the below configuration, but still unable to authenticate using LDAP. Am I missing something here? I have checked the documentation you shared and followed the exampled mentioned.  
I am configuring this on {HPE Comware Software, Version 7.1.070, Release 7557P03
Copyright (c) 2010-2017 Hewlett Packard Enterprise Development LP
HP 10508  }



system-view
local-user admin class manage
password simple P@ssw0rD123!!!
service-type ssh
authorization-attribute user-role network-admin
authorization-attribute user-role network-operator
quit
public-key local create rsa
public-key local create dsa
ssh server enable
line vty 0 63
authentication-mode scheme
protocol inbound ssh
quit
ldap server hpe-LDAP
ip 192.168.1.10
ip 192.168.1.11
login-dn CN=netuser,OU=Network_admins,OU=Primary,OU=Data,DC=mydomain,DC=ca
login-password simple LD@P!!@@##
search-base-dn DC=mydomain,DC=ca
quit
ldap scheme HPE-LDAP-SCHEME
authentication server HPE-LDAP
quit
domain mydomain
authentication login ldap-scheme HPE-LDAP-SCHEME local
authorization login none
accounting loging none
user-name-format without-domain
quit
save force


Thank you, I appreciate your help
Hassan
Original Message:
Sent: Jun 15, 2022 07:18 AM
From: Ivan ivan.bondar@hpe.com
Subject: How to import a certificate to 10508 switch

Hi Hassan,

Check this version of Security Configuration Guide - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=c05368314 , section "Configuring PKI". However, I foresee the issue with LDAPS (LDAP over TLS, at least since you mentioned '636' it must be a port number that LDAPS uses), because as far as I know this switch doesn't support it.



------------------------------
Ivan Bondar

Original Message:
Sent: Jun 09, 2022 03:16 PM
From: Hassan Shamat
Subject: How to import a certificate to 10508 switch


Hello,

I am new to HPE. I am trying to integrate LDAP 636 between HPE 10508 and our AD server. I couldn't find and documentation of how to import a certificate to 10508 switch. 
Can any one help me with that please.

Thanks
Hassan

Thank you for the quick response, that was my first test, there's reachability between the switch and the server. I have tried accessing with/without the domain name, but still. I tested this user and it's connected, actually I am using the same user to bind LDAP on Palo Alto and it's working fine.
Original Message:
Sent: Jun 15, 2022 07:18 AM
From: Ivan ivan.bondar@hpe.com
Subject: How to import a certificate to 10508 switch

Hi Hassan,

Check this version of Security Configuration Guide - https://support.hpe.com/hpesc/public/docDisplay?docLocale=en_US&docId=c05368314 , section "Configuring PKI". However, I foresee the issue with LDAPS (LDAP over TLS, at least since you mentioned '636' it must be a port number that LDAPS uses), because as far as I know this switch doesn't support it.



------------------------------
Ivan Bondar

Original Message:
Sent: Jun 09, 2022 03:16 PM
From: Hassan Shamat
Subject: How to import a certificate to 10508 switch


Hello,

I am new to HPE. I am trying to integrate LDAP 636 between HPE 10508 and our AD server. I couldn't find and documentation of how to import a certificate to 10508 switch. 
Can any one help me with that please.

Thanks
Hassan