Requirement

The internal CA certificate is needed so that iDRAC can validate the LDAP server's certificate and connect to it securely over LDAPS

Environment

  • iDRAC settings (especially network related) have already been configured
  • Internal CA already configured
  • Internal CA certificate has already been installed on end-point machines
  • Latest iDRAC version is installed
  • DNS is working as intended
  • Domain Controller has LDAP enabled
  • Domain service account is configured and we already have the DN (e.g. CN=svciDRAC,OU=Users,OU=Infra,DC=example,DC=com)

Root certificate

  1. The root certificate of the internal CA (the CA that issued the DC certificate) needs to be exported
  2. On the CA, open Manage Computer Certificates
  3. Under Personal > Certificates, export the CA certificate
  4. Choose the Base-64 encoded X.509 (.CER) format and follow the prompts

Configuration

  1. Go to iDRAC web interface
  2. Navigate to iDRAC Settings > User Authentication > Directory Services
  3. Enable Generic LDAP Directory Services
  4. Edit the configuration
  5. Upload the root certificate when prompted. iDRAC uses it to validate the DC's certificate, so the connection between iDRAC and the DC is encrypted and trusted
  6. On common settings page,
    • Enable Generic LDAP
    • Use Distinguished Name to Search Group membership
    • Put your FQDN for LDAP server in LDAP server address
    • Port = 636
    • BindDN = DN for the domain service account
    • Update Bind Password
    • Key in password for service account in Bind Password
    • Base DN to search can be wide or narrow (e.g. DC=example,DC=com for root DN)
    • Attribute of User Login for AD is sAMAccountName (case sensitive)
    • Attribute of Group Membership = member
  7. On Group Settings, we can include the group DN and assign privileges
    The user account must be a member of this group to receive the privileges assigned to it.
    (e.g. CN=ServerAdmins,OU=SG-IT,OU=Employees,DC=example,DC=com)
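The pre-flight check below is an added example, not Dell's code or part of the original page. It exercises the same rules the settings above configure: the DC's LDAPS certificate is validated on port 636 against the exported Base-64 .cer as the only trust anchor (using only Python's standard library), the sAMAccountName lookup is built as a properly escaped LDAP filter, and group membership is tested the way the member attribute setting implies. The CA file name root-ca.cer, the DC name dc01.example.com and the user jdoe are assumptions.

```python
"""Pre-flight check for the iDRAC Generic LDAP settings above (added example, not Dell's
or the page's own code; standard library only). CA path, DC FQDN and DNs are placeholders."""
import re
import socket
import ssl

def check_ldaps(fqdn: str, cafile: str, port: int = 636, timeout: float = 5.0) -> dict:
    """Open a TLS session to the DC with the exported root CA as the only trust anchor.
    Raises ssl.SSLError if the DC certificate does not chain to that root or if fqdn
    is not in its SAN, which is why the LDAP server address must be the FQDN, not an IP."""
    ctx = ssl.create_default_context(cafile=cafile)   # trusts only the exported root
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    with socket.create_connection((fqdn, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=fqdn) as tls:
            cert = tls.getpeercert()                   # only reached after validation
    return {"subject": dict(rdn[0] for rdn in cert["subject"]),
            "issuer": dict(rdn[0] for rdn in cert["issuer"]),
            "not_after": cert["notAfter"]}

def escape_filter_value(value: str) -> str:
    """RFC 4515 escaping so a typed login name cannot change the search filter."""
    specials = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
    return "".join(specials.get(ch, ch) for ch in value)

def user_search_filter(login: str, login_attr: str = "sAMAccountName") -> str:
    """Filter equivalent to the 'Attribute of User Login' setting (attribute name is case sensitive)."""
    return f"({login_attr}={escape_filter_value(login)})"

def normalize_dn(dn: str) -> str:
    """Normalise a DN for comparison: AD DNs are case-insensitive and may carry spaces after commas."""
    return ",".join(p.strip().lower() for p in re.split(r"(?<!\\),", dn))

def is_member(user_dn: str, group_members: list) -> bool:
    """Mirror 'Attribute of Group Membership = member': the user's DN must be listed
    in the group's member attribute for that group's privileges to apply."""
    target = normalize_dn(user_dn)
    return any(normalize_dn(m) == target for m in group_members)

if __name__ == "__main__":
    # Constructed values; replace with your own CA export, DC name and accounts.
    print(check_ldaps("dc01.example.com", "root-ca.cer"))
    print(user_search_filter("jdoe"))
    print(is_member("CN=jdoe,OU=Users,DC=example,DC=com",
                    ["cn=JDOE, ou=Users, dc=Example, dc=com"]))
```

If check_ldaps raises an SSLError, the exported file is not the root that issued the DC certificate, or the name used is not in the DC certificate's SAN; fix that before uploading the certificate to iDRAC.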
Last modified: 12 March 2022