Contents

1   Introduction

This document describes how to use the POSIX® LDAP schema as profile filter. Such change can be triggered by the organization security policy.

1.1   Prerequisites

This section describes the prerequisites, which must be fulfilled before using the procedure.

1.1.1   Conditions

The following conditions must apply:

• The user has the System Security Administrator role.
• The Managed Element (ME) is configured to connect with remote LDAP server, refer to Configure LDAP Basic Connection and Configure TLS for LDAP.
• The LDAP server is configured for the ME.
• The POSIX LDAP schema is specified and loaded in the LDAP server and the POSIX groups are used as authorization profiles.
• An Ericsson Command-Line Interface (ECLI) session in Exec mode is in progress.

2   Procedure

To set the profileFilter to use POSIX_GROUPS in Ldap Managed Object (MO).

1. Navigate to the Ldap MO, for example:

   >dn ManagedElement=NODE06ST,SystemFunctions=1,SecM=1,UserManagement=1,LdapAuthenticationMethod=1,Ldap=1

2. Enter Config mode:

   (Ldap=1)>configure

3. Set the profile filter:

   (config-Ldap=1)>profileFilter=POSIX_GROUPS

4. Commit the settings:

   (config-Ldap=1)>commit

5. Verify the result:

   (Ldap=1)>show

   The following is an example output:

   Ldap=1 baseDn="dc=my-domain,dc=com" fallbackLdapIpAddress="192.168.0.11" ldapIpAddress="192.168.0.10" profileFilter=POSIX_GROUPS useTls=false