Configuring the LDAP Domain

This operation enables you to configure the LDAP domain to allow LDAP users to access shared resources of file systems.

Context

LDAP data is organized in a tree structure, which clearly shows the organizational information. A node on the tree is called Entry. Each Entry has a distinguished name (DN). The DN of an Entry is composed of the base distinguished name (Base DN) and relative distinguished name (RDN). The Base DN refers to the position of the parent node where the Entry resides on the tree, and the RDN refers to an attribute that distinguishes the Entry from others.

A DN consists of the following parts:

Domain component (DC)
Identifies the domain name of a company or organization.
Organizational unit (OU)
Identifies the internal information classification of a company or organization.
Common name (CN)
Identifies the name of a directory Entry.

Procedure

Choose Services > HDFS Service > Account.
Click the name of an account and select the LDAP Domain tab on the General page.
Enable LDAP Domain and click Configure.
The Configure LDAP Domain page is displayed on the right.

Set LDAP domain parameters described in Table 1.

**Table 1** LDAP domain parameters
Parameter	Description
Active Server Address	Indicates the IP address or domain name of the active LDAP domain server. NOTE: Ensure that the IP address is reachable. Otherwise, executing user authentication commands or network commands will time out. You can click Test to check whether the entered IP address can be pinged.
Standby Server Address 1	Indicates the IP address or domain name of standby LDAP domain server 1. NOTE: Ensure that the IP address is reachable. Otherwise, executing user authentication commands or network commands will time out. You can click Test to check whether the entered IP address can be pinged.
Standby Server Address 2	Indicates the IP address or domain name of standby LDAP domain server 2. NOTE: Ensure that the IP address is reachable. Otherwise, executing user authentication commands or network commands will time out. You can click Test to check whether the entered IP address can be pinged.
Protocol	Indicates the protocol used by the storage system to communicate with the active LDAP domain server. LDAP: The system uses the standard LDAP protocol to communicate with the active LDAP domain server. LDAPS: The system uses the LDAPS protocol to communicate with the active LDAP domain server if the server supports SSL.
Port	Indicates the port used by the storage system to communicate with the active LDAP domain server.
Base DN	Indicates the LDAP domain's start DN specified for searching. [Value range] A DN consists of RDNs, which are separated by commas (,). An RDN is in the format of key=value. The value cannot start with a number sign (#) or a space and cannot end with a space. For example, testDn=testDn,xxxDn=xxx. [Example] dc=example,dc=com
Bind Using the AD Credential	Determine whether to enable Bind Using the AD Credential. If this parameter is enabled when the system has been added to the AD domain, the AD domain account can be used as the LDAP bind DN.
Bind Level	Indicates the bind level for the active LDAP domain server. simple: simple authentication. SASL: simple authentication and security layer.
Bind DN	Indicates the name of the bond directory. [Value range] A DN consists of RDNs, which are separated by commas (,). An RDN is in the format of key=value. The value cannot start with a number sign (#) or a space and cannot end with a space. For example, testDn=testDn,xxxDn=xxx. [Example] cn=Manager,dc=example,dc=com NOTE: To access contents, use the bind DN for searching.
Bind Password	Indicates the password for accessing the bind DN. NOTE: A simple password may result in security issues. A complex password that contains uppercase letters, lowercase letters, digits, and special characters is recommended.
Confirm Bind Password	Enter the same bind password again.
User Directory	Indicates the user DN configured on the active LDAP domain server.
User Search Scope	Indicates the search scope for user queries. base: only searches the named DN. onelevel: searches the subnodes under the DN. subtree: searches the named DN and subnodes under the DN.
User Group Directory	Indicates the user group DN configured on the active LDAP domain server.
User Group Search Scope	Indicates the search scope for user group queries. base: only searches the named DN. onelevel: searches the subnodes under the DN. subtree: searches the named DN and subnodes under the DN.
Network Group DN	Indicates the network group DN.
Network Group Search Scope	Indicates the search scope for network group queries. base: searches just the named DN. onelevel: searches the subnodes under the DN. subtree: searches the named DN and subnodes under the DN.
Search Timeout Duration (Seconds)	Indicates the timeout duration that the client waits for the active LDAP domain server to return the query result. The default value is 3.
Connection Timeout Duration (Seconds)	Indicates the timeout duration that the client establishes a connection with the active LDAP domain server. The default value is 3.
Idle Timeout Duration (Seconds)	Indicates the timeout duration that the client has no communication with the active LDAP domain server. The default value is 30.

Click OK.
(Optional) Click Restore to Initial to restore the configured parameters to the initial values.