Contents
1 Introduction
This document describes how to change the bind name and password required for password-based simple bind Lightweight Directory Access Protocol (LDAP) authentication. Such change can be triggered by the organization security policy.
1.1 Prerequisites
This section describes the prerequisites, which must be fulfilled before using the procedure.
1.1.1 Conditions
The following conditions must apply:
- The user has the System Security Administrator role.
- The LDAP server has a proxy account provided for the Managed Element (ME).
- The new bind Distinguished Name (DN) is known.
- The new ME password for the LDAP account is known.
- An Ericsson Command-Line Interface (ECLI) session in Exec mode is in progress.
2 Procedure
To change bind name and password for LDAP authentication:
- Navigate to the Ldap managed object, for example:
>dn ManagedElement=NODE06ST,SystemFunctions=1,SecM=1,UserManagement=1,LdapAuthenticationMethod=1,Ldap=1
- Enter Config mode:
(Ldap=1)>configure
- Set the bind DN to be used for user authentication to
the LDAP target, for example:
(config-Ldap=1)>bindDn="cn=proxyaccount,dc=ericsson,dc=com"
- Set the ME password for the LDAP account, for example:
(config-Ldap=1)>bindPassword=12345 cleartext
- Commit the settings:
(config-Ldap=1)>commit
- Verify the result:
(Ldap=1)>show
The following is an example output:
Ldap=1 baseDn="dc=my-domain,dc=com" bindDn="cn=proxyaccount,dc=ericsson,dc=com" bindPassword="1:XUC+jE8QV05dG57Ouv7hWi1s/wa+uWi0" fallbackLdapIpAddress="192.0.2.11" ldapIpAddress="192.0.2.10"
LDAP password-based simple binds can now be performed with the new bind DN and password.