A trusted method to automatically configure LDAP server on client managed servers
Publication Date: 2015-Dec-29
The IP.com Prior Art Database
Disclosed is a method that uses trusted certificates to provide secure, trusted channels between the managed nodes of a management server and an LDAP server. The method enables secure LDAP interaction with managed servers; at present such protection exists only for the LDAP-to-client channel, not for the client-to-managed-server channels.
There is no method available to configure multiple nodes with an LDAP server unless they are manually configured and provisioned through a managed service (as in Power Systems CMM / FSP / LDAP).
Proposed is a system or configuration that enables the user to configure an LDAP (Lightweight Directory Access Protocol) server (Windows or OpenLDAP) automatically. Once the management server, for example an HMC (Hardware Management Console) or CMM (Chassis Management Module), has been configured with the LDAP information, the managed servers (blade or stand-alone servers) can obtain the bind information automatically. For this to happen, the client and server must have completed a handshake in advance through a trusted certificate. This allows the management server to handshake with the connected managed nodes and use the bind authentication method to configure each server with the LDAP users, so that all connected servers can authenticate as the LDAP users configured in the LDAP server.
TC1 is the trust certificate that is placed manually on the MS (management server) and on the LDAP server, which uses the secured port 636 that is part of the LDAP standards. TC2 is added manually to the MS and the MN (managed node); whenever certificate TC2 is presented to the MN for use of its service, its signature is verified before the subject holder is authenticated. After the bind process has completed successfully, the certificate holder (MN) is given access to the LDAP server. This method provides a more secure authentication channel through trusted-certificate validation, as shown in Figure 1.
In the currently known methods only TC1 is placed; what is unique to this method is the use of TC2 (trusted certificates on the management server and the managed nodes) to provide a secure channel, as shown in the figure above.
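As an added example (not part of the disclosure and not code from any management-server or LDAP product), the Go program below models the TC2 check described above: a trust anchor standing in for TC2 issues a certificate to the management server, and the managed node verifies that the presented certificate chains to its pinned TC2 copy, is within its validity period and is permitted for client authentication before it would accept any bind configuration. A certificate issued by an unrelated authority is rejected even though it is otherwise well formed. The authority names, node names and serial numbers are constructed for the example; a deployment would load TC2 from the certificate installed manually on the node rather than generating it.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// Authority is a trust anchor: a self-signed CA certificate plus the private key
// that signs certificates for the management server (MS) and managed nodes (MN).
// It stands in for TC2; the type and field names are this example's own.
type Authority struct {
	Cert *x509.Certificate
	Key  *ecdsa.PrivateKey
}

// NewAuthority generates a self-signed CA certificate (constructed here for the
// example; a real TC2 would be installed on the MS and MN by the administrator).
func NewAuthority(name string) (*Authority, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: name},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	return &Authority{Cert: cert, Key: key}, nil
}

// Issue signs a leaf certificate for the node named cn, usable for client authentication.
func (a *Authority) Issue(cn string, serial int64) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: cn},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, a.Cert, &key.PublicKey, a.Key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// VerifyPresented is the check a managed node performs before accepting bind
// configuration: the presented certificate must chain to the pinned trust
// certificate (TC2), be within its validity period and be permitted for client
// authentication. Only the pinned anchor is trusted, never the system store.
func VerifyPresented(presented, trusted *x509.Certificate) error {
	roots := x509.NewCertPool()
	roots.AddCert(trusted)
	_, err := presented.Verify(x509.VerifyOptions{
		Roots:     roots,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
	})
	return err
}

// IsUnknownAuthority reports whether verification failed because the signer is
// not the pinned trust anchor, i.e. the certificate came from some other CA.
func IsUnknownAuthority(err error) bool {
	var uae x509.UnknownAuthorityError
	return errors.As(err, &uae)
}

func main() {
	tc2, err := NewAuthority("TC2 trust anchor (example)")
	if err != nil {
		panic(err)
	}
	ms, err := tc2.Issue("management-server.example", 2) // constructed node name
	if err != nil {
		panic(err)
	}
	fmt.Println("MS certificate signed by TC2 accepted, error:", VerifyPresented(ms, tc2.Cert))

	rogue, _ := NewAuthority("unrelated CA (example)")
	bad, _ := rogue.Issue("management-server.example", 3)
	err = VerifyPresented(bad, tc2.Cert)
	fmt.Println("certificate from another CA rejected:", IsUnknownAuthority(err))
}
```

The rejected case is the one that matters for the disclosure's claim: without the TC2 check, any party able to present a syntactically valid certificate with the right subject name could have its bind configuration accepted by the node, whereas with the pinned anchor the signature chain decides, not the name.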
Removal of certificate TC1 from either LDAP server or...