This document describes how to determine the correct certificate(s) for secure Lightweight Directory Access Protocol (LDAP).
There are no specific requirements for this document.
This document is not restricted to specific software and hardware versions.
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.
Secure LDAP requires that the Unified Computing System (UCS) domain have the correct certificate or certificate chain installed as a Trusted Point.
If an incorrect certificate (or chain) is set up, or if none exists, authentication fails.
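One way to check offline that the certificates you plan to load form a complete chain for the LDAP server certificate. This is an added example, not part of the original document or of any Cisco tooling. It builds a constructed lab PKI with OpenSSL (`Lab-Root-CA`, `Lab-Issuing-CA` and `ldap.lab.example` are made-up names; `chain_ok` and `issuer_of` are hypothetical helpers) and uses `openssl verify` as a stand-in for the check, assuming the server presents only its own certificate.

```bash
#!/usr/bin/env bash
# Constructed lab PKI: Lab-Root-CA -> Lab-Issuing-CA -> ldap.lab.example.
# All names are made up; nothing here is UCS or NX-OS output.

mkcsr() {  # mkcsr <dir> <name> <CN>: new RSA key plus CSR
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$3" \
    -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null
}

build_lab_pki() {  # build_lab_pki <dir>
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign,cRLSign\n' > "$1/ca.ext"
  mkcsr "$1" root "Lab-Root-CA" || return 1
  mkcsr "$1" int "Lab-Issuing-CA" || return 1
  mkcsr "$1" srv "ldap.lab.example" || return 1
  # Self-signed root CA.
  openssl x509 -req -in "$1/root.csr" -signkey "$1/root.key" \
    -extfile "$1/ca.ext" -days 30 -out "$1/root.pem" 2>/dev/null || return 1
  # Intermediate CA, signed by the root.
  openssl x509 -req -in "$1/int.csr" -CA "$1/root.pem" -CAkey "$1/root.key" \
    -CAcreateserial -extfile "$1/ca.ext" -days 30 -out "$1/int.pem" 2>/dev/null || return 1
  # LDAP server (leaf) certificate, signed by the intermediate.
  openssl x509 -req -in "$1/srv.csr" -CA "$1/int.pem" -CAkey "$1/int.key" \
    -CAcreateserial -days 30 -out "$1/srv.pem" 2>/dev/null
}

chain_ok() {  # chain_ok <bundle.pem> <server.pem>
  # Succeeds only if the bundle alone builds a full path to a self-signed root.
  openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

issuer_of() {  # issuer_of <cert.pem>: names the CA certificate to look for next
  openssl x509 -noout -issuer -nameopt RFC2253 -in "$1"
}

LAB=$(mktemp -d) && build_lab_pki "$LAB" || exit 1
trap 'rm -rf "$LAB"' EXIT
cat "$LAB/int.pem" "$LAB/root.pem" > "$LAB/full-chain.pem"
issuer_of "$LAB/srv.pem"   # names the intermediate CA, not the root
for bundle in root.pem int.pem full-chain.pem; do
  if chain_ok "$LAB/$bundle" "$LAB/srv.pem"; then result="complete chain"
  else result="INCOMPLETE (verification fails)"; fi
  echo "$bundle: $result"
done
```

Against real files, run `issuer_of` on the server certificate and then on each CA certificate in turn until the issuer equals the subject, then confirm the assembled bundle with `chain_ok`.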
To determine whether the certificate(s) are the cause of problems with Secure LDAP, use LDAP debugging to check if the certificates are correct.
Make sure you are on the primary before you run these commands:
connect nxos
debug ldap all
Next, open a second session and attempt to log in with your Secure LDAP credentials.
The session with debugging enabled logs the attempted login. In the logging session, run the undebug command to halt further output.
To determine if there is a potential issue with the certificate, look at the debugging output for these lines.