1 Introduction
This document describes how to configure password-based LDAP authentication for the Managed Element (ME) to control access to the LDAP directory. Such a change can be triggered by the organization's security policy.
1.1 Prerequisites
This section describes the prerequisites, which must be fulfilled before using the procedure.
1.1.1 Conditions
The following conditions must apply:
- The user has the System Security Administrator role.
- The LDAP server is configured for the Managed Element (ME).
- The ME is configured to connect to the remote LDAP server. Refer to Configure LDAP Basic Connection and Configure TLS for LDAP.
- The new bind Distinguished Name (DN) is known.
- The new ME password for the LDAP account is known.
- An Ericsson Command-Line Interface (ECLI) session in Exec mode is in progress.
2 Procedure
To change the bind name and password for LDAP authentication:
- Navigate to the Ldap Managed Object (MO), for example:
>dn ManagedElement=NODE06ST,SystemFunctions=1,SecM=1,UserManagement=1,LdapAuthenticationMethod=1,Ldap=1
- Enter Config mode:
(Ldap=1)>configure
- Set the bind DN to be used for user authentication to the LDAP target, for example:
(config-Ldap=1)>bindDn="cn=proxyaccount,dc=ericsson,dc=com"
- Set the ME password for the LDAP account, for example:
(config-Ldap=1)>bindPassword=12345 cleartext
- Commit the settings:
(config-Ldap=1)>commit
- Verify the result:
(Ldap=1)>show
The following is an example output:
Ldap=1
   baseDn="dc=my-domain,dc=com"
   bindDn="cn=proxyaccount,dc=ericsson,dc=com"
   bindPassword="1:XUC+jE8QV05dG57Ouv7hWi1s/wa+uWi0"
   fallbackLdapIpAddress="192.0.2.11"
   ldapIpAddress="192.0.2.10"
   serverPort=1000
   useTls=false
LDAP password-based simple binds can now be performed with the new bind DN and password.
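The verification step can also be checked mechanically. The following is an added example, not part of the original document or of any Ericsson tooling: it parses captured `show` output and reports whether the bind DN matches, whether the stored password echoes the cleartext, and whether TLS is enabled. The function names `parse_show` and `audit` are hypothetical, and the script assumes that `useTls=true` is the value set by Configure TLS for LDAP.

```python
import re

# Example `show` output as given in this document, captured as text.
SAMPLE_SHOW = '''Ldap=1
   baseDn="dc=my-domain,dc=com"
   bindDn="cn=proxyaccount,dc=ericsson,dc=com"
   bindPassword="1:XUC+jE8QV05dG57Ouv7hWi1s/wa+uWi0"
   fallbackLdapIpAddress="192.0.2.11"
   ldapIpAddress="192.0.2.10"
   serverPort=1000
   useTls=false'''

# name=value pairs; a value is either a quoted string or a bare token.
ATTR_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')

def parse_show(text):
    """Return {attribute: value} from `show` output, with quotes stripped.
    Works on one-attribute-per-line and on single-line output."""
    attrs = {}
    for name, value in ATTR_RE.findall(text):
        attrs[name] = value[1:-1] if value.startswith('"') else value
    return attrs

def audit(attrs, expected_bind_dn, cleartext_password=None):
    """Return a list of findings; an empty list means the change verified.
    DN comparison is a simple case-insensitive match (a simplification)."""
    findings = []
    if attrs.get("bindDn", "").lower() != expected_bind_dn.lower():
        findings.append("bindDn does not match the intended bind DN")
    stored = attrs.get("bindPassword", "")
    if not stored:
        findings.append("bindPassword is not set")
    elif cleartext_password is not None and stored == cleartext_password:
        findings.append("bindPassword is shown back in cleartext")
    # Assumption: useTls=true means the LDAP connection is protected by TLS.
    # Without it, a simple bind carries the bind password unprotected.
    if attrs.get("useTls", "false") != "true":
        findings.append("useTls is not true: simple bind password is unprotected in transit")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_show(SAMPLE_SHOW),
                         "cn=proxyaccount,dc=ericsson,dc=com", "12345"):
        print("FINDING:", finding)
```

Run against the example output in this document, the script reports only the `useTls` finding.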