home

Supported platforms

Getting startedOverviewArchitectureSupported platformsRelease notesWhite papers
Getting startedOverviewArchitectureSupported platformsRelease notesWhite papers

Vyatta documentation

Learn how to install, configure, and operate the Vyatta Network Operating System (Vyatta NOS) and Orchestrator, which help drive our virtual networking and physical platforms portfolio.

Show On this page:

thumbnailSupported platforms

Service-user authentication through LDAP

Specifying a trusted CA certificate

If the TLS or SSL certificate that is issued by a corporate certificate authority (CA) is not trusted or known to the vRouter, the required certificate must be explicitly specified.

To specify this certificate, use the following command: 

vyatta@vyatta# set resources service-users ldap example.com tls cacert /config/auth/ldap-ca.pem

Alternatively, to reduce the number of checks on the TLS or SSL LDAP server certificate, use the following command: 

vyatta@vyatta# set resources service-users ldap example.com tls reqcert {never | allow | try | demand}

If no option is explicitly specified, the demand option is set by default.

Table 1. Variable definitions
Option Description

never

Performs no request and no checks on the server certificate.

allow

Requests and checks the certificate, if available. Tolerates bad server certificates.

try

Requests and checks the certificate, if available. Bad server certificates get rejected.

demand

Requests a valid server certificate (default).

Last updated: May 7, 2021