View LDAP Configuration

Contents

1Introduction
1.1Prerequisites

2
Procedure

1   Introduction

This document describes how to view the Lightweight Directory Access Protocol (LDAP) configuration.

The understanding of the LDAP configuration is a prerequisite for solving any authentication issues.

1.1   Prerequisites

This section describes the prerequisites, which must be fulfilled before using the procedure.

1.1.1   Conditions

The following conditions must apply:

2   Procedure

To view the LDAP configuration:

  1. Navigate to the UserManagement Managed Object (MO), for example:

    >dn ManagedElement=NODE06ST,SystemFunctions=1,SecM=1,UserManagement=1

  2. View the configuration:

    (UserManagement=1)>show -r

    The following is an example output:

    UserManagement=1
   targetType=”ims.kista.se”
   userLabel="Selective authentication for Kista site"
   LdapAuthenticationMethod=1
      administrativeState=UNLOCKED
      Ldap=1
         baseDn="dc=my-domain,dc=com"
         bindDn="cn=proxyaccount,dc=ericsson,dc=com"
         bindPassword="1:XUC+jE8QV05dG57Ouv7hWi1s/wa+uWi0"
         fallbackLdapIpAddress="192.0.2.11"
         ldapIpAddress="192.0.2.10"
         nodeCredential="ManagedElement=NODE06ST,SystemFunctions=1,⇒
SecM=1,CertM=1,NodeCredential=1"
         profileFilter=ERICSSON_FILTER
         serverPort=636
         tlsMode=LDAPS
         trustCategory="ManagedElement=NODE06ST,SystemFunctions=1,⇒
SecM=1,CertM=1,TrustCategory=aurora"
         userLabel="LDAP based login authentication"
         useTls=true
         useTlsFallback=true
         EricssonFilter=1
            roleAliasesBaseDn="dc=example,dc=com"
            targetBasedAccessControl=UNLOCKED
[...]

    The example output reflects a typical configuration to LDAP servers provided by an Ericsson OSS solution. The LDAP configuration points to a primary LDAP server with IP address 192.0.2.10 and a secondary/fallback LDAP server with IP address 192.0.2.11.

    A password-based bind authentication is used to the LDAP servers since a bind Distinguished Name (DN) and a bind password are configured. The ERICSSON_FILTER profile filter is used for LDAP searches in the LDAP servers. Selective authentication based on the target type ims.kista.se is enforced. The LDAP authentication is secured by Transport Layer Security (TLS).



Copyright

© Ericsson AB 2014, 2015. All rights reserved. No part of this document may be reproduced in any form without the written permission of the copyright owner.

Disclaimer

The contents of this document are subject to revision without notice due to continued progress in methodology, design and manufacturing. Ericsson shall have no liability for any error or damage of any kind resulting from the use of this document.

Trademark List
All trademarks mentioned herein are the property of their respective owners. These are shown in the document Trademark Information.

    View LDAP Configuration