Configure LDAP Basic Connection

1   Description

This instruction describes how to configure a clear text connection to a remote centralized LDAP server for the Managed Element (ME) to control access to the LDAP directory. Such a change can be triggered by the organization's security policy.

2   Procedure

2.1   Configure LDAP Basic Connection

Prerequisites

Steps

  1. Navigate to the Ldap managed object, for example:

    >dn ManagedElement=NODE06ST,SystemFunctions=1,SecM=1,UserManagement=1,LdapAuthenticationMethod=1,Ldap=1

  2. Enter Config mode:

    (Ldap=1)>configure

  3. Set ldapIpAddress to the IP address of the remote LDAP server, for example:

    (config-Ldap=1)>ldapIpAddress="192.168.0.10"

  4. Optionally, set the fallbackLdapIpAddress to be used when the primary LDAP server is down, for example:

    (config-Ldap=1)>fallbackLdapIpAddress="192.168.0.11"

  5. Configure the baseDn from where the LDAP server starts to search for users, for example:

    (config-Ldap=1)>baseDn="dc=my-domain,dc=com"

  6. If the LDAP server is listening on a non-default port, serverPort must be set, for example:

    (config-Ldap=1)>serverPort=1000

  7. Turn off TLS:

    (config-Ldap=1)>useTls=false

  8. Commit the settings:

    (config-Ldap=1)>commit

  9. Verify the result:

    (Ldap=1)>show

    The following is an example output:

    Ldap=1
       baseDn="dc=my-domain,dc=com"
       fallbackLdapIpAddress="192.168.0.11"
       ldapIpAddress="192.168.0.10"
       serverPort=1000
       useTls=false
    [...]

    A basic LDAP connection is set up between the ME and the remote LDAP server.
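
The check in step 9 can be automated when many nodes are reviewed. The following is an added example, not part of the product documentation: it parses a saved copy of the `show` output and reports the settings from this procedure that deserve attention, including `useTls=false`. The function names `parse_show` and `audit_ldap` are hypothetical, and the `baseDn` check is a simplified shape test.

```python
import ipaddress
import re

# Constructed input: the example `show` output from step 9.
SAMPLE_SHOW = """\
Ldap=1
   baseDn="dc=my-domain,dc=com"
   fallbackLdapIpAddress="192.168.0.11"
   ldapIpAddress="192.168.0.10"
   serverPort=1000
   useTls=false
[...]
"""

# An indented attribute line: name="quoted value" or name=bare_value.
ATTR = re.compile(r'^\s+(\w+)=(?:"([^"]*)"|(\S+))\s*$')
# Simplified DN shape (assumption): attr=value pairs, no escaped commas.
DN = re.compile(r'[^,=]+=[^,=]+(,[^,=]+=[^,=]+)*')

def parse_show(text):
    """Collect the attribute lines of a `show` listing into a dict of strings."""
    attrs = {}
    for line in text.splitlines():
        m = ATTR.match(line)
        if m:
            attrs[m.group(1)] = m.group(2) if m.group(2) is not None else m.group(3)
    return attrs

def audit_ldap(attrs):
    """Return findings for the attributes this procedure sets."""
    findings = []
    if attrs.get("useTls") == "false":
        findings.append("useTls=false: LDAP traffic is sent in clear text")
    primary, fallback = attrs.get("ldapIpAddress"), attrs.get("fallbackLdapIpAddress")
    if primary is None:
        findings.append("ldapIpAddress is not set")
    for name, value in (("ldapIpAddress", primary), ("fallbackLdapIpAddress", fallback)):
        try:
            if value is not None:
                ipaddress.ip_address(value)
        except ValueError:
            findings.append(f"{name} is not a valid IP address: {value}")
    if fallback is not None and fallback == primary:
        findings.append("fallbackLdapIpAddress equals ldapIpAddress: no failover")
    port = attrs.get("serverPort")
    if port is not None and not (port.isdigit() and 1 <= int(port) <= 65535):
        findings.append(f"serverPort is not a valid TCP port: {port}")
    if not DN.fullmatch(attrs.get("baseDn", "")):
        findings.append("baseDn is missing or not a list of attr=value pairs")
    return findings
```

Calling `audit_ldap(parse_show(SAMPLE_SHOW))` on the example output returns a single finding, for `useTls=false`.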