1 Introduction
This document describes how to configure an arbitrary LDAP search filter that is used when querying the LDAP server. Such a change can be triggered by the organization's security policy.
1.1 Prerequisites
This section describes the prerequisites that must be fulfilled before using the procedure.
1.1.1 Conditions
The following conditions must apply:
- The user has the System Security Administrator role.
- The Managed Element (ME) is configured to connect to the remote LDAP server; refer to Configure LDAP Basic Connection and Configure TLS for LDAP.
- The LDAP server is configured for the ME.
- The LDAP schema is specified and loaded in the LDAP server.
- An Ericsson Command-Line Interface (ECLI) session in Exec mode is in progress.
2 Procedure
To configure a flexible LDAP filter:
- Navigate to the Ldap Managed Object (MO), for example:
>dn ManagedElement=NODE06ST,SystemFunctions=1,SecM=1,UserManagement=1,LdapAuthenticationMethod=1,Ldap=1
- Enter Config mode:
(Ldap=1)>configure
- Configure flexible filtering in the Ldap MO:
(config-Ldap=1)>profileFilter=FLEXIBLE
Configure the Filter MO
- Navigate to the Filter MO, for example:
(config-Ldap=1)>Filter=1
- Configure the arbitrary LDAP search expression, for example:
(config-Filter=1)>filter="(&(objectClass=posixAccount)(uid=<UID>))"
- Configure the LDAP return attribute, for example:
(config-Filter=1)>type="cn"
- Commit the settings:
(config-Filter=1)>commit
- Verify the result:
(Filter=1)>show -r ..
The following is an example output:
Ldap=1
   baseDn="dc=my-domain,dc=com"
   fallbackLdapIpAddress="192.168.0.11"
   ldapIpAddress="192.168.0.10"
   profileFilter=FLEXIBLE
   useTls=false
   Filter=1
      filter="(&(objectClass=posixAccount)(uid=<UID>))"
      type="cn"
(Filter=1)>
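The following is an added example, not part of the original procedure or of the product: a Python check that can be run on a filter expression before it is committed to the Filter MO. It assumes that <UID> is replaced by the login name at query time (how the ME performs the substitution is not described here); the function names and the sample user ID are hypothetical.

```python
# Added example: sanity-check a flexible filter template before committing it.
UID_TOKEN = "<UID>"  # placeholder as written in the example filter above

# RFC 4515: characters that must be escaped inside a filter assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_value(value):
    """Escape a user-supplied value so it cannot alter the filter structure."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def check_template(template):
    """Return a list of problems; an empty list means the template looks sane."""
    problems = []
    if UID_TOKEN not in template:
        problems.append("no <UID> placeholder")
    if not (template.startswith("(") and template.endswith(")")):
        problems.append("filter must be enclosed in parentheses")
    # Count nesting with the placeholder neutralised so it cannot skew the result.
    depth = 0
    for ch in template.replace(UID_TOKEN, "x"):
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth < 0:
                break
    if depth != 0:
        problems.append("unbalanced parentheses")
    return problems


def render(template, uid):
    """Show the filter the LDAP server would receive for a given login name
    (assumed substitution behaviour, with the value escaped per RFC 4515)."""
    return template.replace(UID_TOKEN, escape_value(uid))


if __name__ == "__main__":
    template = "(&(objectClass=posixAccount)(uid=<UID>))"
    print(check_template(template) or "template OK")
    # Constructed login name containing filter metacharacters.
    print(render(template, "smith(ops)*"))
```

A template that fails check_template should be corrected before it is entered in the (config-Filter=1)> prompt; render shows what a login name containing filter metacharacters looks like once escaped.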
