GEN008020 - The LDAP TLS connection must require a certificate and this certificate has a valid path to a trusted CA - 'useSSL = yes'

Information

LDAP can be used to provide user authentication and account information, which are vital to system security. Communication between an LDAP server and a host using LDAP requires authentication.

Solution

Create a key database with DoD PKI or DoD-approved certificate.

#gsk7cmd
OR
#ikeyman

Edit /etc/security/ldap/ldap.conf and add or edit the ldapsslkeyf setting to reference a file containing a client certificate issued by DoD PKI or a DoD-approved external PKI.

See Also

https://iasecontent.disa.mil/stigs/zip/U_AIX_6-1_V1R14_STIG.zip

Item Details

Category: IDENTIFICATION AND AUTHENTICATION

References: 800-53|IA-5(2)(a), CAT|II, CCI|CCI-000185, Group-ID|V-22557, Rule-ID|SV-38966r1_rule, STIG-ID|GEN008020, Vuln-ID|V-22557

Plugin: Unix

Control ID: c2a87b651bd59cba397835ab4dff07daf4023507beeb5d375d6a2eda8f031912