- Download Diff

Summary:

Bug 761 - LDAPS support for admin|AS-14161|

Review Request #356 — Created July 22, 2024 and submitted Aug. 8, 2024, 11:44 a.m.

Information
Owner:	kdutta
Repository:	APV10
Branch:	rel_apv_10_7, rel_apv_10_7_0_sbi
Bugs:
Depends On:
Reviewers
Groups:
People:	mmiriam, pradeep, prajesh, rvempati, satyendra, tanya, timlai

Description

Bug 761 - LDAPS support for admin|AS-14161|

Testing Done

Old CLI

A2JJNpshK3(config)#admin aaa server ?
id, es01 or es02(if server es01 is down, request will be sent to server es02)

A2JJNpshK3(config)#

New CLI

AN(config)#admin aaa server ?
es01 Configure external RADIUS authentication server
es02 Configure external TACACS authentication server
es03 Configure external LDAP authentication server
es04 Configure external LDAPS authentication server

AN(config)#admin aaa server

Old Method list

A2JJNpshK3(config)#admin aaa method ?
method name(RADIUS or TAC_X, default is RADIUS)

A2JJNpshK3(config)#

New Method list

AN(config)#admin aaa method ?
method name(RADIUS or TAC_X or LDAP or LDAPS , default is RADIUS)

AN(config)

Old No CLI

A2JJNpshK3(config)#no admin aaa server ?
server id

A2JJNpshK3(

New No CLI

AN(config)#no admin aaa server ?
es01 Delete external RADIUS authentication server
es02 Delete external TACACS authentication server
es03 Delete external LDAP authentication server
es04 Delete external LDAPS authentication server

AN(config)#no admin aaa server es04 ?
clientcert Delete client certificate
clientkey Delete client key
rootca Delete CA certificate used for client authentication
settings Delete ldaps server settings
verifycert Disable certificate verification

AN(config)#

LDAP Method

AN(config)#admin aaa server es03 ?
Host name or ip address

AN(config)#admin aaa server es03 "127.0.0.1" ?
Port

AN(config)#admin aaa server es03 "127.0.0.1" 123 ?
dn (Ex. OU=Eng,dc=example,dc=in)

AN(config)#admin aaa server es03 "127.0.0.1" 123 "OU=Eng,dc=example,dc=in" ?
memberOf (Ex. CN=Engineering,DC=example,DC=in)

AN(config)#admin aaa server es03 "127.0.0.1" 123 "OU=Eng,dc=example,dc=in" "CN$

AN(config)#show admin aaa all
admin aaa off
admin aaa authorize off
admin aaa method LDAP
admin aaa server es03 "127.0.0.1" 123 "OU=Eng,dc=example,dc=in" "CN=Engineering,DC=example,DC=in"

AN(config)#

LDAPS Method (With Certificate verification)

AN(config)#admin aaa server es04 ?
clientcert Import PEM client certificate
clientkey Import PEM client key
rootca Import CA certificate used for client authentication
settings Configure external authentication server settings
verifycert Enable/Disable certificate verification

AN(config)#

AN(config)#show admin aaa all
admin aaa on 1
admin aaa authorize on
admin aaa method LDAPS
admin aaa server es04 settings "ARRAY-BLR-AD.ARRAYLAB.IN" 636 "OU=Development,DC=ARRAYLAB,DC=IN" "CN=Engineering,OU=Development,DC=ARRAYLAB,DC=IN"
admin aaa server es04 verifycert 1
----- Client Certificate -----
-----BEGIN CERTIFICATE-----
MIIF0zCCBLugAwIBAgITEgAAAA/JmDC+ouQUEwAAAAAADzANBgkqhkiG9w0BAQsF
ADBRMRIwEAYKCZImiZPyLGQBGRYCSU4xGDAWBgoJkiaJk/IsZAEZFghBUlJBWUxB
QjEhMB8GA1UEAxMYQVJSQVlMQUItQVJSQVktQkxSLUFELUNBMB4XDTI0MDUzMTA4
MDE1MVoXDTI2MDUzMTA4MTE1MVowADCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
AQoCggEBAL5A/II1DJ5TGvpATHx3tcIv6a0JNcacBa3RdTzzGqicEfDSzuyv1EQ+
M2hiypRIHpplFyDI7cYuN6qB5HK3rk77zlpq4VaGC4d/OLeiNRv3qHivTGtf7AVY
GVDCL0AGe6ZFI+uli7vLRL81026MSVAzrGYCCm5+12w/Up65uuDPJboGATw9zvzE
ATOX7cJvkm+LE55yO+yNMCmY7N4ag3G3GBxRj41/dgVqi3hsZID0tk1o0Wpw7LFf
pG6zdvLrjsFgq08Yp50WO+43WOh9tjwcarYOTS4fkCdBXm7ZVjezQ59looaLSyJd
tpQukH4jzSLU8Ffm4mRgqT4am6jAEe0CAwEAAaOCAvMwggLvMD0GCSsGAQQBgjcV
BwQwMC4GJisGAQQBgjcVCIb6tV+BmoIKhdGFC4Phg0eGhcwYM4X9khiF4o1IAgFk
AgEDMDIGA1UdJQQrMCkGBysGAQUCAwUGCisGAQQBgjcUAgIGCCsGAQUFBwMBBggr
BgEFBQcDAjAOBgNVHQ8BAf8EBAMCBaAwQAYJKwYBBAGCNxUKBDMwMTAJBgcrBgEF
AgMFMAwGCisGAQQBgjcUAgIwCgYIKwYBBQUHAwEwCgYIKwYBBQUHAwIwHQYDVR0O
BBYEFA51U9e9XRWgP03Nk/EUvVh6S9uNMB8GA1UdIwQYMBaAFGTgtdLTvecet7eF
wa067VYjUjn9MIHbBgNVHR8EgdMwgdAwgc2ggcqggceGgcRsZGFwOi8vL0NOPUFS
UkFZTEFCLUFSUkFZLUJMUi1BRC1DQSxDTj1BUlJBWS1CTFItQUQsQ049Q0RQLENO
PVB1YmxpYyUyMEtleSUyMFNlcnZpY2VzLENOPVNlcnZpY2VzLENOPUNvbmZpZ3Vy
YXRpb24sREM9QVJSQVlMQUIsREM9SU4/Y2VydGlmaWNhdGVSZXZvY2F0aW9uTGlz
dD9iYXNlP29iamVjdENsYXNzPWNSTERpc3RyaWJ1dGlvblBvaW50MIHKBggrBgEF
BQcBAQSBvTCBujCBtwYIKwYBBQUHMAKGgapsZGFwOi8vL0NOPUFSUkFZTEFCLUFS
UkFZLUJMUi1BRC1DQSxDTj1BSUEsQ049UHVibGljJTIwS2V5JTIwU2VydmljZXMs
Q049U2VydmljZXMsQ049Q29uZmlndXJhdGlvbixEQz1BUlJBWUxBQixEQz1JTj9j
QUNlcnRpZmljYXRlP2Jhc2U/b2JqZWN0Q2xhc3M9Y2VydGlmaWNhdGlvbkF1dGhv
cml0eTA9BgNVHREBAf8EMzAxghhBUlJBWS1CTFItQUQuQVJSQVlMQUIuSU6CC0FS
UkFZTEFCLklOgghBUlJBWUxBQjANBgkqhkiG9w0BAQsFAAOCAQEAx1/jvWgy5tnM
lrKWkz7seN37eLJip8Jo8aAjWESYAaZjCW+a+/h8KDlDRH1ooQPdE+FSsg/aKqOp
gh6BAKgSEDMYgr8JuRE9UvH09v05FxSvXlusUEsYBTLJFjDZ92k9ng0MKKkM6rSs
c9oQ9JSWM0UrPT4cKVx/57/EN1Xun7beaDKxT8Wq+uvgFmgXVcBU7f7TMKUsm8RB
PhV265XUtw2jlk0ETlNFRr4tOfdmGjYFjd+FITCKjJCd9Ksb9fqmSgEmwUgvAorQ
BVqDQR2tBpC8TBZUQrrY4b0FQXeI2qchiG08uGVDTTb58KKhVi3MzZw4Lc2ifuvI
r//3Jz1ciA==
-----END CERTIFICATE-----
----- Root CA -----
-----BEGIN CERTIFICATE-----
MIIDfTCCAmWgAwIBAgIQLm876mIDrJREaQopaAdAQjANBgkqhkiG9w0BAQsFADBR
MRIwEAYKCZImiZPyLGQBGRYCSU4xGDAWBgoJkiaJk/IsZAEZFghBUlJBWUxBQjEh
MB8GA1UEAxMYQVJSQVlMQUItQVJSQVktQkxSLUFELUNBMB4XDTI0MDIyODE4MDY1
MloXDTI5MDIyODE4MTY1MlowUTESMBAGCgmSJomT8ixkARkWAklOMRgwFgYKCZIm
iZPyLGQBGRYIQVJSQVlMQUIxITAfBgNVBAMTGEFSUkFZTEFCLUFSUkFZLUJMUi1B
RC1DQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAPm/IQmRi4jru4fe
8uJ6aMq6dm+bJWV/jQ69IXECWKrMXTcu2KhirTVo0xnO4mjF1VHka2o1Y8726W3h
+0zgjsY2ursq6/IibkRf00s15lwwGnq5vaU0Mcq3xLkuYnpK1KZApO4onxS+1eQZ
lyD2iZWWzYI+acs3iFSlLUyIXa2zKwjZVgRv0h543EdUu4qheXA0csYf9do2brsS
JvXzv5ZoWMWLx+iabjid/lQkiq1+5sbKcm2Ii/uXqTvmza5F/84DfTrqnA83GaIm
LYPsF2gDGtoh0yHtja2aBEzq1NOyi86d2H3zBzWZFd3dD8YTF04O2EQ8dxzMNSVn
69j24a0CAwEAAaNRME8wCwYDVR0PBAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wHQYD
VR0OBBYEFGTgtdLTvecet7eFwa067VYjUjn9MBAGCSsGAQQBgjcVAQQDAgEAMA0G
CSqGSIb3DQEBCwUAA4IBAQCOfKVGc5lRgMi65iKiaKcq2go45mx+MAniIXbKxwXO
xogB4Hoocdq8Crt2/Nn4bqxYysPfCzb+ZNjjz2FJBGyNMY1V7KG+R56g4Rye+2cf
NTFMUPlbyoYDRpZs+13tEXwA2DnG7Vwz57qoKarC4ArJT4hK5UGW9Y5S0PhBZxf4
+dBkrxK6ZdImBdu9vUjiS4VRhXQ/FCvjIcx/gngKhJM9XmoBfGmTb7xhlnqSreYD
DisLmwsE+jm2fzvWE0U3K5QAsH48j8xyhykato23WH9RRpLkdsqEFNUOP4kSU8IZ
LQFcKl4TkfpmueYytzmyALtUN0kuTEIEvBgnFX5tV6Z3
-----END CERTIFICATE-----

AN(config)#

Authorized User

login as: kdutta@arraylab.in
kdutta@arraylab.in@192.168.162.126's password:
Last login: Tue Jul 23 02:36:09 2024 from 192.168.162.197
ArrayOS Beta.APV.10.7.2.1 - untagged unofficial build by uid=0(root) gid=0(root) groups=0(root) on DevAnsuk: on Mon Jul 22 13:20:14 2024
Copyright (c) 2000-2024 Array Networks Inc. All rights reserved.

Type "?" for available commands

!!Reminder!! Please log on to the WebUI to register this system.

AN>en
Enable password:

AN#c t
Someone else is in config mode.
Access denied!
Failed to execute "c t"

AN#c t force

AN(config)#

Unauthorized User

login as: kdutta@arraylab.in
kdutta@arraylab.in@192.168.162.126's password:
Last login: Tue Jul 23 02:48:19 2024 from 192.168.162.197
ArrayOS Beta.APV.10.7.2.1 - untagged unofficial build by uid=0(root) gid=0(root) groups=0(root) on DevAnsuk: on Mon Jul 22 13:20:14 2024
Copyright (c) 2000-2024 Array Networks Inc. All rights reserved.

Type "?" for available commands

!!Reminder!! Please log on to the WebUI to register this system.

AN>en
Enable password:

AN#
AN#c t
You are enable user, config mode entrance denied.
Failed to execute "c t"

AN#

LDAPS Method (Without Certificate verification)

AN(config)#

$n1S%8QwUc$V

Issues

Description	From	Last Updated
is there a way we can define multiple servers under es03? Looks like we can define only one. Were we …	prajesh	July 22, 2024, 6:05 p.m.
ldap => LDAP	prajesh	July 22, 2024, 6:01 p.m.
ldaps => LDAPS	prajesh	July 22, 2024, 6:01 p.m.

People:

+	mmiriam
+	rvempati
+	timlai
+	satyendra
+	pradeep

Ship it!

```
Ship It!
```

branches/rel_apv_10_7/usr/click/lib/libexauth/auth_ext_cli.c (Diff revision 1)

Show all issues

is there a way we can define multiple servers under es03? Looks like we can define only one. Were we able to define multiple tacacs servers earlier?

kdutta July 22, 2024, 6:01 p.m.

For tacacs and radius we have fall back so we can efine multiple but here we can use only one.

branches/rel_apv_10_7/usr/click/lib/libparser/commands.pm (Diff revision 1)
Show all issues
```
ldap => LDAP
```
branches/rel_apv_10_7/usr/click/lib/libparser/commands.pm (Diff revision 1)
Show all issues
```
ldaps => LDAPS
```

Diff:

Revision 2 (+183 -55)

Show changes

	branches/rel_apv_10_7/usr/click/lib/libexauth/auth_ext_cli.h
	branches/rel_apv_10_7/usr/click/lib/libexauth/auth_ext_cli.c
	branches/rel_apv_10_7/usr/click/lib/libparser/commands.pm

Ship it!

Please make sure to fallback to local authentication if external server is not reachable (if this is the behaviour of other external auth servers (RADIUS))

Ship it!

```
Ship It!
```

Testing Done:

~		Image fallback fix
	~	Old CLI

~		Before upgrade
	~	A2JJNpshK3(config)#admin aaa server ?
	+	id, es01 or es02(if server es01 is down, request will be sent to server es02)

~		ArrayOS Rel.APV.10.4.0.112 build on Fri Apr 7 11:33:57 2023
	~	A2JJNpshK3(config)#

~		`Host name : AN`
	~	New CLI
-		System CPU : Intel(R) Xeon(R) CPU
-		System RAM : 3879504 kbytes.
-

~		System boot time : Mon Jul 22 08:00:21 GMT (+0000) 2024
~		Current time : Mon Jul 22 08:03:16 GMT (+0000) 2024
~		System up time : 3 mins, 25 secs
~		Platform Bld Date : Mon Jul 22 07:59:48 GMT 2024
~		SSL HW : No HW Available
~		Compression HW : No HW Available
~		Network Interface : 4 x 10Gigabit Ethernet fiber
~		Model : Array vAPV
~		Serial Number : AF9F00BA8057800000605111301471
~		Licensed Limits : vCPUs(x2), NICs(x4), RAM(4 GB), Bandwidth(1000 Mbps)
~		Licensed Features : WebWall Clustering L4SLB L7SLB Caching
~		SSL tProxy SwCompression LLB QoS MultiLang
~		DynRoute IPv6
~		License Key : 5aec4bf8-69715810-39bf8fe0-49baf9a9-144c073b-13180080-0454d8ab-20240222-99999999
	~	AN(config)#admin aaa server ?
	~	es01 Configure external RADIUS authentication server
	~	es02 Configure external TACACS authentication server
	~	es03 Configure external LDAP authentication server
	~	es04 Configure external LDAPS authentication server
	~
	~	AN(config)#admin aaa server
	~
	~	Old Method list
	~
	~	A2JJNpshK3(config)#admin aaa method ?
	~	method name(RADIUS or TAC_X, default is RADIUS)
	~
	~	A2JJNpshK3(config)#
	+
	+	New Method list
	+
	+	AN(config)#admin aaa method ?
	+	method name(RADIUS or TAC_X or LDAP or LDAPS , default is RADIUS)

~		Array Networks Customer Support
	~	AN(config)
-		Telephone : 1-877-992-7729 (1-877-99-ARRAY)
-		Email : support@arraynetworks.com
-		Update : please contact support for instructions
-		Website : http://www.arraynetworks.com

~		Other Root Version
~		Rel.APV.10.7.0.9.2 - untagged unofficial build by uid=0(root) gid=0(root) groups=0(root) on DevAnsuk: on Mon Jul 22 02:32:25 2024
	~	Old No CLI
	~
	+	A2JJNpshK3(config)#no admin aaa server ?
	+	server id
	+
	+	A2JJNpshK3(
	+
	+	New No CLI
	+
	+	AN(config)#no admin aaa server ?
	+	es01 Delete external RADIUS authentication server
	+	es02 Delete external TACACS authentication server
	+	es03 Delete external LDAP authentication server
	+	es04 Delete external LDAPS authentication server



~		AN(config)#sh adm
	~	AN(config)#no admin aaa server es04 ?
	+	clientcert Delete client certificate
	+	clientkey Delete client key
	+	rootca Delete CA certificate used for client authentication
	+	settings Delete ldaps server settings
	+	verifycert Disable certificate verification
	+
	+	AN(config)#
	+
	+	LDAP Method
	+
	+	AN(config)#admin aaa server ?
	+	es01 Configure external RADIUS authentication server
	+	es02 Configure external TACACS authentication server
	+	es03 Configure external LDAP authentication server
	+	es04 Configure external LDAPS authentication server
	+
	+	AN(config)#admin aaa server es03 ?
	+	Host name or ip address
	+
	+	AN(config)#admin aaa server es03 "127.0.0.1" ?
	+	Port
	+
	+	AN(config)#admin aaa server es03 "127.0.0.1" 123 ?
	+	dn (Ex. OU=Eng,dc=example,dc=in)
	+
	+	AN(config)#admin aaa server es03 "127.0.0.1" 123 "OU=Eng,dc=example,dc=in" ?
	+	memberOf (Ex. CN=Engineering,DC=example,DC=in)
	+
	+	AN(config)#admin aaa server es03 "127.0.0.1" 123 "OU=Eng,dc=example,dc=in" "CN$

		AN(config)#show admin aaa all
~		admin aaa on 1
	~	admin aaa off
		admin aaa authorize off
~		admin aaa method RADIUS
~		admin aaa server es02 "127.0.0.1" 636 "*"
	~	admin aaa method LDAP
	~	admin aaa server es03 "127.0.0.1" 123 "OU=Eng,dc=example,dc=in" "CN=Engineering,DC=example,DC=in"

		AN(config)#

~
	~	LDAPS Method (With Certificate verification)
	+
	+	AN(config)#admin aaa server ?
	+	es01 Configure external RADIUS authentication server
	+	es02 Configure external TACACS authentication server
	+	es03 Configure external LDAP authentication server
	+	es04 Configure external LDAPS authentication server
	+
	+	AN(config)#admin aaa server es04 ?
	+	clientcert Import PEM client certificate
	+	clientkey Import PEM client key
	+	rootca Import CA certificate used for client authentication
	+	settings Configure external authentication server settings
	+	verifycert Enable/Disable certificate verification
	+
	+	AN(config)#
	+
	+	AN(config)#show admin aaa all
	+	admin aaa on 1
	+	admin aaa authorize on
	+	admin aaa method LDAPS
	+	admin aaa server es04 settings "ARRAY-BLR-AD.ARRAYLAB.IN" 636 "OU=Development,DC=ARRAYLAB,DC=IN" "CN=Engineering,OU=Development,DC=ARRAYLAB,DC=IN"
	+	admin aaa server es04 verifycert 1
	+	----- Client Certificate -----
	+	-----BEGIN CERTIFICATE-----
	+	MIIF0zCCBLugAwIBAgITEgAAAA/JmDC+ouQUEwAAAAAADzANBgkqhkiG9w0BAQsF
	+	ADBRMRIwEAYKCZImiZPyLGQBGRYCSU4xGDAWBgoJkiaJk/IsZAEZFghBUlJBWUxB
	+	QjEhMB8GA1UEAxMYQVJSQVlMQUItQVJSQVktQkxSLUFELUNBMB4XDTI0MDUzMTA4
	+	MDE1MVoXDTI2MDUzMTA4MTE1MVowADCCASIwDQYJKoZIhvcNAQEBBQADggEPADCC
	+	AQoCggEBAL5A/II1DJ5TGvpATHx3tcIv6a0JNcacBa3RdTzzGqicEfDSzuyv1EQ+
	+	M2hiypRIHpplFyDI7cYuN6qB5HK3rk77zlpq4VaGC4d/OLeiNRv3qHivTGtf7AVY
	+	GVDCL0AGe6ZFI+uli7vLRL81026MSVAzrGYCCm5+12w/Up65uuDPJboGATw9zvzE
	+	ATOX7cJvkm+LE55yO+yNMCmY7N4ag3G3GBxRj41/dgVqi3hsZID0tk1o0Wpw7LFf
	+	pG6zdvLrjsFgq08Yp50WO+43WOh9tjwcarYOTS4fkCdBXm7ZVjezQ59looaLSyJd
	+	tpQukH4jzSLU8Ffm4mRgqT4am6jAEe0CAwEAAaOCAvMwggLvMD0GCSsGAQQBgjcV
	+	BwQwMC4GJisGAQQBgjcVCIb6tV+BmoIKhdGFC4Phg0eGhcwYM4X9khiF4o1IAgFk
	+	AgEDMDIGA1UdJQQrMCkGBysGAQUCAwUGCisGAQQBgjcUAgIGCCsGAQUFBwMBBggr
	+	BgEFBQcDAjAOBgNVHQ8BAf8EBAMCBaAwQAYJKwYBBAGCNxUKBDMwMTAJBgcrBgEF
	+	AgMFMAwGCisGAQQBgjcUAgIwCgYIKwYBBQUHAwEwCgYIKwYBBQUHAwIwHQYDVR0O
	+	BBYEFA51U9e9XRWgP03Nk/EUvVh6S9uNMB8GA1UdIwQYMBaAFGTgtdLTvecet7eF
	+	wa067VYjUjn9MIHbBgNVHR8EgdMwgdAwgc2ggcqggceGgcRsZGFwOi8vL0NOPUFS
	+	UkFZTEFCLUFSUkFZLUJMUi1BRC1DQSxDTj1BUlJBWS1CTFItQUQsQ049Q0RQLENO
	+	PVB1YmxpYyUyMEtleSUyMFNlcnZpY2VzLENOPVNlcnZpY2VzLENOPUNvbmZpZ3Vy
	+	YXRpb24sREM9QVJSQVlMQUIsREM9SU4/Y2VydGlmaWNhdGVSZXZvY2F0aW9uTGlz
	+	dD9iYXNlP29iamVjdENsYXNzPWNSTERpc3RyaWJ1dGlvblBvaW50MIHKBggrBgEF
	+	BQcBAQSBvTCBujCBtwYIKwYBBQUHMAKGgapsZGFwOi8vL0NOPUFSUkFZTEFCLUFS
	+	UkFZLUJMUi1BRC1DQSxDTj1BSUEsQ049UHVibGljJTIwS2V5JTIwU2VydmljZXMs
	+	Q049U2VydmljZXMsQ049Q29uZmlndXJhdGlvbixEQz1BUlJBWUxBQixEQz1JTj9j
	+	QUNlcnRpZmljYXRlP2Jhc2U/b2JqZWN0Q2xhc3M9Y2VydGlmaWNhdGlvbkF1dGhv
	+	cml0eTA9BgNVHREBAf8EMzAxghhBUlJBWS1CTFItQUQuQVJSQVlMQUIuSU6CC0FS
	+	UkFZTEFCLklOgghBUlJBWUxBQjANBgkqhkiG9w0BAQsFAAOCAQEAx1/jvWgy5tnM
	+	lrKWkz7seN37eLJip8Jo8aAjWESYAaZjCW+a+/h8KDlDRH1ooQPdE+FSsg/aKqOp
	+	gh6BAKgSEDMYgr8JuRE9UvH09v05FxSvXlusUEsYBTLJFjDZ92k9ng0MKKkM6rSs
	+	c9oQ9JSWM0UrPT4cKVx/57/EN1Xun7beaDKxT8Wq+uvgFmgXVcBU7f7TMKUsm8RB
	+	PhV265XUtw2jlk0ETlNFRr4tOfdmGjYFjd+FITCKjJCd9Ksb9fqmSgEmwUgvAorQ
	+	BVqDQR2tBpC8TBZUQrrY4b0FQXeI2qchiG08uGVDTTb58KKhVi3MzZw4Lc2ifuvI
	+	r//3Jz1ciA==
	+	-----END CERTIFICATE-----
	+	----- Root CA -----
	+	-----BEGIN CERTIFICATE-----
	+	MIIDfTCCAmWgAwIBAgIQLm876mIDrJREaQopaAdAQjANBgkqhkiG9w0BAQsFADBR
	+	MRIwEAYKCZImiZPyLGQBGRYCSU4xGDAWBgoJkiaJk/IsZAEZFghBUlJBWUxBQjEh
	+	MB8GA1UEAxMYQVJSQVlMQUItQVJSQVktQkxSLUFELUNBMB4XDTI0MDIyODE4MDY1
	+	MloXDTI5MDIyODE4MTY1MlowUTESMBAGCgmSJomT8ixkARkWAklOMRgwFgYKCZIm
	+	iZPyLGQBGRYIQVJSQVlMQUIxITAfBgNVBAMTGEFSUkFZTEFCLUFSUkFZLUJMUi1B
	+	RC1DQTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAPm/IQmRi4jru4fe
	+	8uJ6aMq6dm+bJWV/jQ69IXECWKrMXTcu2KhirTVo0xnO4mjF1VHka2o1Y8726W3h
	+	+0zgjsY2ursq6/IibkRf00s15lwwGnq5vaU0Mcq3xLkuYnpK1KZApO4onxS+1eQZ
	+	lyD2iZWWzYI+acs3iFSlLUyIXa2zKwjZVgRv0h543EdUu4qheXA0csYf9do2brsS
	+	JvXzv5ZoWMWLx+iabjid/lQkiq1+5sbKcm2Ii/uXqTvmza5F/84DfTrqnA83GaIm
	+	LYPsF2gDGtoh0yHtja2aBEzq1NOyi86d2H3zBzWZFd3dD8YTF04O2EQ8dxzMNSVn
	+	69j24a0CAwEAAaNRME8wCwYDVR0PBAQDAgGGMA8GA1UdEwEB/wQFMAMBAf8wHQYD
	+	VR0OBBYEFGTgtdLTvecet7eFwa067VYjUjn9MBAGCSsGAQQBgjcVAQQDAgEAMA0G
	+	CSqGSIb3DQEBCwUAA4IBAQCOfKVGc5lRgMi65iKiaKcq2go45mx+MAniIXbKxwXO
	+	xogB4Hoocdq8Crt2/Nn4bqxYysPfCzb+ZNjjz2FJBGyNMY1V7KG+R56g4Rye+2cf
	+	NTFMUPlbyoYDRpZs+13tEXwA2DnG7Vwz57qoKarC4ArJT4hK5UGW9Y5S0PhBZxf4
	+	+dBkrxK6ZdImBdu9vUjiS4VRhXQ/FCvjIcx/gngKhJM9XmoBfGmTb7xhlnqSreYD
	+	DisLmwsE+jm2fzvWE0U3K5QAsH48j8xyhykato23WH9RRpLkdsqEFNUOP4kSU8IZ
	+	LQFcKl4TkfpmueYytzmyALtUN0kuTEIEvBgnFX5tV6Z3
	+	-----END CERTIFICATE-----

~		After upgrade
	~	AN(config)#
	+
	+	Authorized User

~		array@192.168.162.195's password:
~		ArrayOS Rel.APV.10.7.0.9.2 - untagged unofficial build by uid=0(root) gid=0(root) groups=0(root) on DevAnsuk: on Mon Jul 22 02:32:25 2024
	~	login as: kdutta@arraylab.in
	~	kdutta@arraylab.in@192.168.162.126's password:
	+	Last login: Tue Jul 23 02:36:09 2024 from 192.168.162.197
	+	ArrayOS Beta.APV.10.7.2.1 - untagged unofficial build by uid=0(root) gid=0(root) groups=0(root) on DevAnsuk: on Mon Jul 22 13:20:14 2024
		Copyright (c) 2000-2024 Array Networks Inc. All rights reserved.

		Type "?" for available commands

		!!Reminder!! Please log on to the WebUI to register this system.





~		A2JJNpshK3>en
	~	AN>en
		Enable password:

~		A2JJNpshK3#
~		A2JJNpshK3#sh ad
~
~		A2JJNpshK3#show admin aaa all
	~	AN#c t
	~	Someone else is in config mode.
	~	Access denied!
	~	Failed to execute "c t"
-		admin aaa on 0
-		admin aaa authorize off
-		admin aaa method RADIUS
-		admin aaa server es01 "127.0.0.1" 636 "*"

~		A2JJNpshK3#sh ve
	~	AN#c t force

~
	~	AN(config)#

~		After downgrade
	~	Unauthorized User

~		ArrayOS Rel.APV.10.4.0.112 build on Fri Apr 7 11:33:57 2023
~		Copyright (c) 2000-2023 Array Networks Inc. All rights reserved.
	~	login as: kdutta@arraylab.in
	~	kdutta@arraylab.in@192.168.162.126's password:
	+	Last login: Tue Jul 23 02:48:19 2024 from 192.168.162.197
	+	ArrayOS Beta.APV.10.7.2.1 - untagged unofficial build by uid=0(root) gid=0(root) groups=0(root) on DevAnsuk: on Mon Jul 22 13:20:14 2024
	+	Copyright (c) 2000-2024 Array Networks Inc. All rights reserved.

		Type "?" for available commands

		!!Reminder!! Please log on to the WebUI to register this system.





~		A2JJNpshK3>en
	~	AN>en
		Enable password:

~		A2JJNpshK3#
~		A2JJNpshK3#
~		A2JJNpshK3#sh adm
	~	AN#
	~	AN#c t
	~	You are enable user, config mode entrance denied.
	+	Failed to execute "c t"

~		A2JJNpshK3#show admin aaa all
	~	AN#
-		admin aaa on 0
-		admin aaa authorize off
-		admin aaa method RADIUS
-		admin aaa server es01 "127.0.0.1" 636 "*"
-
-		A2JJNpshK3#sh ve
-
-		Old config CLI
-
-		xXQDXOJpp.(config)#admin aaa server ?
-		ldap Configure external authentication server
-		ldaps Configure external authentication server
-		radiustacacs Configure external authentication server



~		New config CLI
	~

~		AN(config)#admin aaa server ?
	~	LDAPS Method (Without Certificate verification)
-		es01 Configure external radius authentication server
-		es02 Configure external tacacs authentication server
-		es03 Configure external ldap authentication server
-		es04 Configure external ldaps authentication server

~		Old No CLI
~
~		xXQDXOJpp.(config)#no admin aaa server ?
~		ldap Delete external authentication server
~		ldaps Delete external authentication server
~		radiustacacs Delete external authentication server
	~	AN(config)#show admin aaa all
	~	admin aaa on 1
	~	admin aaa authorize on
	~	admin aaa method LDAPS
	~	admin aaa server es04 settings "ARRAY-BLR-AD.ARRAYLAB.IN" 636 "OU=Development,DC=ARRAYLAB,DC=IN" "CN=Engineering1,OU=Development,DC=ARRAYLAB,DC=IN"
	~	admin aaa server es04 verifycert 0

~		New No CLI
	~	AN(config)#

~		AN(config)#no admin aaa server ?
	~	$n1S%8QwUc$V
-		es01 Delete external radius authentication server
-		es02 Delete external tacacs authentication server
-		es03 Delete external ldap authentication server
-		es04 Delete external ldaps authentication server

You have a pending review.

Review Board 5.0.5

Bug 761 - LDAPS support for admin|AS-14161|

Old CLI

New CLI

Old Method list

New Method list

Old No CLI

New No CLI

LDAP Method

LDAPS Method (With Certificate verification)

Authorized User

Unauthorized User

LDAPS Method (Without Certificate verification)

People:

Diff:

Testing Done:

Image fallback fix

Old CLI

Before upgrade

New CLI

Old Method list

New Method list

Old No CLI

New No CLI

LDAP Method

LDAPS Method (With Certificate verification)

After upgrade

Authorized User

After downgrade

Unauthorized User

Old config CLI

New config CLI

LDAPS Method (Without Certificate verification)

Old No CLI

New No CLI

Status: Closed (submitted)