Cisco Internal Use Only
Copyright © 2006 Cisco Systems, Inc. All rights reserved.
Page 13 of 66
• ldap.auth.scheme=ssl
• ldap.account.name=admin
• ldap.server.name=ware.trendium.com
• ldap.server.port=636
For SSL communication with the LDAP server, you need to import the public key from the LDAP server. Assume that you have copied the
public certificate (including the BEGIN and END lines) to a text file /opt/CSCOpvm/cert.txt on the PVM server. Then you need to perform the
following steps to import the certificate into Cisco PVM.
1. Ensure that the cacerts file is writable:
$cd /opt/CSCOpvm/j2sdk142/jre/lib/security
$chmod +w cacerts
2. Import the public key into the keystore:
$/opt/CSCOpvm/j2sdk142/bin/keytool -import -file "/opt/CSCOpvm/cert.txt" -keystore cacerts
When asked for the keystore password type changeit. When asked if PVM should trust the certificate, type yes.
The output is as follows:
Enter keystore password: changeit
Owner: CN=ware, OU=Engineering, O=Trendium, L=Sunrise, ST=FL, C=US
Issuer: CN=ware, OU=Engineering, O=Trendium, L=Sunrise, ST=FL, C=US
Serial number: 81523838
Valid from: Tue Jan 17 13:04:26 EST 2006 until: Tue Apr 17 14:04:26 EDT 2007
Certificate fingerprints:
MD5: 91:58:60:10:C6:62:59:C2:41:C1:F9:E6:69:11:72:41
SHA1: C1:ED:01:F5:21:C9:C9:A1:AD:34:B0:99:70:D2:52:52:06:7B:7E:D5
Trust this certificate? [no]: yes
Certificate was added to keystore
Ensure that the information you enter is appropriate for your organization.
Mapping LDAP users to PVM roles
Cisco PVM uses two user groups: Admin and General. To map the various LDAP groups to PVM user groups, you can change the following
two properties in the config file:
ldap.admin.group.name=<ldap group name>, <another ldap group name>
ldap.general.group.name=<ldap group name>, <another ldap group name>
You can put multiple ldap groups separated by commas.
Adding a NAM through the GUI
Configuring NAMs and their associated devices in Cisco PVM is an easy process, and can be done in one of two ways. You can either add an
individual NAM and its associated device through the Cisco PVM GUI, or you can import multiple NAMs and their devices through the import
feature. This section describes the steps involved in configuring NAMs in Cisco PVM.
Note:
The parameters such as ldap.account.name, ldap.server.name and ldap.server.port are relative to the test environment. The PVM
administrator needs to obtain these parameters from LDAP administrator.