View LDAP Configuration

Contents

1   Introduction
1.1   Prerequisites
2   Procedure

1   Introduction

This document describes how to view the Lightweight Directory Access Protocol (LDAP) configuration.

Understanding the LDAP configuration is a prerequisite for solving any authentication issues.

1.1   Prerequisites

This section describes the prerequisites that must be fulfilled before using the procedure.

1.1.1   Conditions

The following conditions must apply:

2   Procedure

To view the LDAP configuration:

  1. Navigate to the UserManagement Managed Object (MO), for example:

    >dn ManagedElement=NODE06ST,SystemFunctions=1,SecM=1,UserManagement=1

  2. View the configuration:

    (UserManagement=1)>show -r

    The following is an example output:

    UserManagement=1
       targetType="ims.kista.se"
       userLabel="Selective authentication for Kista site"
       LdapAuthenticationMethod=1
          administrativeState=UNLOCKED
          Ldap=1
             baseDn="dc=my-domain,dc=com"
             bindDn="cn=proxyaccount,dc=ericsson,dc=com"
             bindPassword="1:XUC+jE8QV05dG57Ouv7hWi1s/wa+uWi0"
             fallbackLdapIpAddress="192.0.2.11"
             ldapIpAddress="192.0.2.10"
             nodeCredential="ManagedElement=NODE06ST,SystemFunctions=1,⇒
    SecM=1,CertM=1,NodeCredential=1"
             profileFilter=ERICSSON_FILTER
             serverPort=636
             tlsMode=LDAPS
             trustCategory="ManagedElement=NODE06ST,SystemFunctions=1,⇒
    SecM=1,CertM=1,TrustCategory=aurora"
             userLabel="LDAP based login authentication"
             useTls=true
             useTlsFallback=true
             EricssonFilter=1
                roleAliasesBaseDn="dc=example,dc=com"
                targetBasedAccessControl=UNLOCKED
    [...]

    The example output reflects a typical configuration for LDAP servers provided by an Ericsson OSS solution. The LDAP configuration points to a primary LDAP server with IP address 192.0.2.10 and a secondary (fallback) LDAP server with IP address 192.0.2.11.

    Password-based bind authentication is used toward the LDAP servers, since a bind Distinguished Name (DN) and a bind password are configured. The ERICSSON_FILTER profile filter is used for LDAP searches in the LDAP servers. Selective authentication based on the target type ims.kista.se is enforced. The LDAP authentication is secured by Transport Layer Security (TLS).
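
The reading of the example output given above can be repeated mechanically on captured `show -r` text, for instance when the LDAP settings of several nodes are compared. The following Python code is an added example, not part of the original document or of any Ericsson tool. The function names, the abbreviated sample with a placeholder password, the rule that MO class names start with a capital letter, and the reading of useTls=true as "secured by TLS" are assumptions.

```python
import re

# Constructed sample: abbreviated from the example output above, password replaced.
SAMPLE = """\
UserManagement=1
   targetType="ims.kista.se"
   userLabel="Selective authentication for Kista site"
   LdapAuthenticationMethod=1
      Ldap=1
         bindDn="cn=proxyaccount,dc=ericsson,dc=com"
         bindPassword="1:PLACEHOLDER"
         fallbackLdapIpAddress="192.0.2.11"
         ldapIpAddress="192.0.2.10"
         nodeCredential="ManagedElement=NODE06ST,SystemFunctions=1,⇒
SecM=1,CertM=1,NodeCredential=1"
         profileFilter=ERICSSON_FILTER
         userLabel="LDAP based login authentication"
         useTls=true
"""

def parse_show(text):
    """Flatten 'show -r' output into {"/Mo=1/.../attribute": value}."""
    text = re.sub(r"⇒\s*\n\s*", "", text)       # rejoin lines wrapped with the ⇒ marker
    attrs, stack = {}, []                        # stack holds (indent, "Class=id") ancestors
    for m in re.finditer(r"^( *)(\w+)=(.*)$", text, re.M):   # skips prompts and "[...]"
        indent, name, value = len(m[1]), m[2], m[3].strip().strip('"')
        stack = [s for s in stack if s[0] < indent]          # leave deeper or sibling MOs
        if name[0].isupper():                    # assumption: MO classes are capitalised
            stack.append((indent, f"{name}={value}"))
        else:                                    # attribute: key it by its full MO path
            attrs["/" + "/".join(mo for _, mo in stack) + "/" + name] = value
    return attrs

def summarize(attrs):
    """Derive the facts the text reads off the output (attribute names from this page)."""
    def get(mo, name):
        return next((v for k, v in attrs.items() if k.endswith(f"/{mo}/{name}")), None)
    summary = {
        "primary": get("Ldap=1", "ldapIpAddress"),
        "fallback": get("Ldap=1", "fallbackLdapIpAddress"),
        "password_bind": bool(get("Ldap=1", "bindDn") and get("Ldap=1", "bindPassword")),
        "profile_filter": get("Ldap=1", "profileFilter"),
        "target_type": get("UserManagement=1", "targetType"),
        "tls": get("Ldap=1", "useTls") == "true",   # assumption: useTls=true means TLS is on
    }
    checks = (("LDAP traffic not protected by TLS", not summary["tls"]),
              ("no fallback LDAP server", not summary["fallback"]))
    summary["warnings"] = [w for w, bad in checks if bad]
    return summary
```

Keying attributes by MO path keeps the two userLabel values apart, which a flat name lookup would silently merge.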