To enable LDAP over SSL for a Vault when DNS lookups are blocked, which step must be completed?
To enable LDAP over SSL for a Vault when DNS lookups are blocked, you must add the FQDN and IP details for each LDAP host into the local hosts file of the Vault server. This ensures that the Vault can resolve the LDAP hostnames even when DNS lookups are blocked, by relying on the static mappings of the hostnames to their respective IP addresses specified in the local hosts file.
Enabling DNS (and associated firewall rules) on the Vault is strongly discouraged, as it increases the attack surface of the system. Therefore, hostnames and IPs should be added to the hosts file locally on the Vault. https://docs.cyberark.com/PAS/Latest/en/Content/PAS%20INST/Configuring-Transparent-User-Management.htm?tocpath=Administrator%7CUser%20Management%7CTransparent%20user%20management%20using%20LDAP%7C_____1#:~:text=In%20the%20%25systremroot%25%5CSystem32%5CDrivers%5CEtc%5Chosts%20file%2C%20define%20the%20DNS%20of%20the%20LDAP%20host
The answer is A. https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/12.6/en/Content/PAS%20INST/Configuring-Transparent-User-Management.htm?tocpath=Administrator%7CUser%20Management%7CTransparent%20user%20management%20using%20LDAP%7C_____1
A is correct. If the PVWA or CPM cannot resolve the domain name, add DNS server configuration to the PVWA or CPM network interface configuration. 10.10.10.10 dc1.mydomain.com As the Vault cannot be configured with a DNS server, add a row to the HOSTS file for every domain controller that specifies the IP address and corresponding domain name.
https://docs.cyberark.com/Product-Doc/OnlineHelp/PAS/13.0/en/Content/PAS%20INST/Configuring-Transparent-User-Management.htm?tocpath=Administrator%7CUser%20Management%7CTransparent%20user%20management%20using%20LDAP%7C_____1#ConfigureLDAPoverSSLconnectionsrecommended
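The hosts-file step discussed above can be checked before LDAP over SSL is switched on. The following is an added example, not taken from the CyberArk documentation or from any of the comments: a PowerShell function that reports, for each LDAP host the Vault must reach, whether the hosts file maps it to exactly one address. The function name Test-LdapHostsEntries, the dc2 and dc3 hostnames and the sample addresses other than the 10.10.10.10 dc1.mydomain.com row quoted above are assumptions made for illustration.

```powershell
# Added example: audit hosts-file content for the LDAP hosts a Vault must resolve.
# Test-LdapHostsEntries is a hypothetical helper, not a CyberArk cmdlet.
function Test-LdapHostsEntries {
    param(
        [Parameter(Mandatory)] [AllowEmptyString()] [string[]] $HostsContent,
        [Parameter(Mandatory)] [string[]] $RequiredFqdn
    )
    $map = @{}   # lower-cased hostname -> distinct IP addresses mapped to it
    foreach ($line in $HostsContent) {
        $text = ($line -split '#', 2)[0].Trim()       # drop trailing comments
        if (-not $text) { continue }
        $tokens = $text -split '\s+'
        $ip = $null
        if ($tokens.Count -lt 2 -or
            -not [System.Net.IPAddress]::TryParse($tokens[0], [ref]$ip)) {
            continue                                   # not a usable mapping row
        }
        foreach ($name in $tokens[1..($tokens.Count - 1)]) {
            $key = $name.ToLowerInvariant()            # hostnames are case-insensitive
            if (-not $map.ContainsKey($key)) { $map[$key] = @() }
            if ($map[$key] -notcontains $ip.ToString()) { $map[$key] += $ip.ToString() }
        }
    }
    foreach ($fqdn in $RequiredFqdn) {
        $ips = $map[$fqdn.ToLowerInvariant()]
        $status = if (-not $ips) { 'Missing' }
                  elseif (@($ips).Count -gt 1) { 'Conflict' }
                  else { 'OK' }
        [pscustomobject]@{ Fqdn = $fqdn; Status = $status; Addresses = ($ips -join ', ') }
    }
}

# Constructed sample content; on a real server read the file instead:
#   Get-Content "$env:SystemRoot\System32\drivers\etc\hosts"
$sample = @'
# constructed sample hosts file
10.10.10.10   dc1.mydomain.com
10.10.10.12   dc3.mydomain.com
10.10.10.13   DC3.mydomain.com   # stale row left over from a re-IP
'@ -split "`r?`n"

Test-LdapHostsEntries -HostsContent $sample `
    -RequiredFqdn 'dc1.mydomain.com', 'dc2.mydomain.com', 'dc3.mydomain.com' |
    Format-Table -AutoSize
```

A Missing row means the Vault has no way to resolve that LDAP host with DNS blocked; a Conflict row means two addresses are mapped to the same name and the stale one should be removed.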