Yes, the FMS supports the use of secure LDAP.
Use the following instructions if you need to encrypt communication between the Management Server and the LDAP server.
To encrypt communication between the Management Server and LDAP:
1. Acquire the LDAP server's certificate authority (CA) certificate in .pem format from the security team.
2. Import the certificate into the Management Server keystore, <foglight_home>\jre\lib\security\cacerts (default password: changeit), with the following command:
   <foglight_home>\jre\bin\keytool -import -trustcacerts -alias ldapsvrcert -keystore <path_to_cacerts> -storepass changeit -file <path_to_cert_file>
   Note 1: If you do not specify the password with the -storepass option, keytool prompts you for it.
   Note 2: If a root CA certificate or one or more intermediate CA certificates are also required, import them one at a time with the same command. Each import needs a unique alias name.
   For example:
   For the root CA: <foglight_home>\jre\bin\keytool -import -trustcacerts -alias ldapsvrcert -keystore <path_to_keystore> -storepass changeit -file <path_to_cert_file>
   For the first intermediate CA: <foglight_home>\jre\bin\keytool -import -alias ldapsvrcert2 -keystore <path_to_keystore> -storepass changeit -file <path_to_cert_file>
   For a second intermediate CA: <foglight_home>\jre\bin\keytool -import -alias ldapsvrcert3 -keystore <path_to_keystore> -storepass changeit -file <path_to_cert_file>
3. On the navigation panel, under Dashboards, click Administration > Users & Security > Directory Services Settings.
4. Under LDAP Locations, click Edit and specify the LDAP server URL in the following format: ldaps://ldap_server_host_name:636
   Note: The port number for LDAP over SSL is usually 636. Confirm the exact port number with your LDAP server administrator.
5. Restart the Management Server.
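The following script is an added example, not part of the original article or of Foglight itself. It automates steps 1 and 2 for a whole CA chain: it gives each certificate a unique alias (ldapsvrcert, ldapsvrcert2, ...), passes -trustcacerts only for the root, runs keytool non-interactively, and then confirms with keytool -list that each alias actually landed in the keystore. It also checks that the URL you are about to enter in step 4 uses the ldaps:// scheme with an explicit port. FOGLIGHT_HOME, the default /opt/foglight path, and the certificate file names are assumptions; override them with environment variables. The -noprompt flag is a standard keytool option that is not shown in the article.

```shell
#!/bin/sh
# Added example (not from the Foglight KB article): import a CA chain into the
# Management Server's cacerts with unique aliases and verify each import.
# Assumptions: FOGLIGHT_HOME is the Foglight install directory; certs are PEM.

FOGLIGHT_HOME="${FOGLIGHT_HOME:-/opt/foglight}"          # assumed install path
KEYTOOL="${KEYTOOL:-$FOGLIGHT_HOME/jre/bin/keytool}"
CACERTS="${CACERTS:-$FOGLIGHT_HOME/jre/lib/security/cacerts}"
STOREPASS="${STOREPASS:-changeit}"                         # article's default

# Unique alias for the Nth certificate in the chain:
# 1 -> ldapsvrcert, 2 -> ldapsvrcert2, 3 -> ldapsvrcert3, ...
alias_for_index() {
  if [ "$1" -eq 1 ]; then
    echo "ldapsvrcert"
  else
    echo "ldapsvrcert$1"
  fi
}

# Print the keytool command for one certificate. Only the first (root) cert
# gets -trustcacerts, matching the article's root-CA example. -noprompt makes
# keytool skip the interactive "Trust this certificate?" question.
build_import_cmd() {
  idx="$1"
  certfile="$2"
  cert_alias=$(alias_for_index "$idx")
  trust=""
  if [ "$idx" -eq 1 ]; then
    trust=" -trustcacerts"
  fi
  printf '%s -import%s -noprompt -alias %s -keystore %s -storepass %s -file %s\n' \
    "$KEYTOOL" "$trust" "$cert_alias" "$CACERTS" "$STOREPASS" "$certfile"
}

# Confirm an alias is present in the keystore after import.
verify_alias() {
  "$KEYTOOL" -list -alias "$1" -keystore "$CACERTS" -storepass "$STOREPASS" >/dev/null 2>&1
}

# Import root.pem first, then each intermediate, verifying every alias.
import_chain() {
  idx=1
  for certfile in "$@"; do
    cmd=$(build_import_cmd "$idx" "$certfile")
    echo "Running: $cmd"
    sh -c "$cmd"
    if verify_alias "$(alias_for_index "$idx")"; then
      echo "Verified alias $(alias_for_index "$idx") in $CACERTS"
    else
      echo "Alias $(alias_for_index "$idx") not found after import" >&2
      return 1
    fi
    idx=$((idx + 1))
  done
}

# Step 4 sanity check: the URL must use ldaps:// and carry an explicit port.
check_ldaps_url() {
  case "$1" in
    ldaps://*:[0-9]*) return 0 ;;
    *) return 1 ;;
  esac
}

# Usage: ./import_ldap_ca.sh root.pem intermediate1.pem [intermediate2.pem ...]
if [ "$#" -gt 0 ]; then
  import_chain "$@"
fi
```

Run the script with the root certificate first, followed by any intermediates in chain order; if a verification fails it stops before moving on, so you do not end up with a half-imported chain. Restarting the Management Server (step 5) is still required after the import.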