How to set ONTAP to use LDAP Signing or Sealing for CIFS/NFS
Applies to
- ONTAP 9
- Common Internet File System (CIFS)
- Network File System (NFS)
- Lightweight Directory Access Protocol (LDAP)
Description
- Beginning in ONTAP 9, you can configure signing and sealing to enable LDAP session security on queries to an Active Directory (AD) server.
- You must configure the CIFS server security settings on the storage virtual machine (SVM) to correspond to those on the LDAP server.
- Signing confirms the integrity of the LDAP payload data using secret key technology.
- Sealing encrypts the LDAP payload data to avoid transmitting sensitive information in clear text.
- An LDAP Security Level option indicates whether the LDAP traffic needs to be signed, signed and sealed, or neither. The default is none.
- Setting these options is expected to be a non-disruptive operation. Existing CIFS/NFS connections will not be impacted by this change.
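
The settings described above, shown as an ONTAP CLI sequence with the default level beside the signed and sealed levels. This is an added example, not taken from the original article. The `cluster1` prompt, `<svm_name>` and `<ldap_client_config>` are placeholders, and the parameter names should be confirmed against the command reference for your ONTAP 9 release.

```text
# Lines starting with "#" are annotations for this added example.
# cluster1, <svm_name> and <ldap_client_config> are placeholders.

# 1. Show the current level on the CIFS server and on the LDAP client
#    configuration (the default is none).
cluster1::> vserver cifs security show -vserver <svm_name> -fields session-security-for-ad-ldap
cluster1::> vserver services name-service ldap client show -vserver <svm_name> -fields session-security

# 2. CIFS server queries to AD LDAP: pick the level that corresponds to
#    the LDAP server's setting.
#    sign = integrity only
cluster1::> vserver cifs security modify -vserver <svm_name> -session-security-for-ad-ldap sign
#    seal = signed and sealed (payload encrypted)
cluster1::> vserver cifs security modify -vserver <svm_name> -session-security-for-ad-ldap seal

# 3. LDAP client configuration used by the SVM for NFS name services.
cluster1::> vserver services name-service ldap client modify -vserver <svm_name> -client-config <ldap_client_config> -session-security seal

# 4. Confirm that the new level is in place.
cluster1::> vserver cifs security show -vserver <svm_name> -fields session-security-for-ad-ldap
cluster1::> vserver services name-service ldap client show -vserver <svm_name> -fields session-security
```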