1 Introduction
This document describes how to configure a clear text connection to a remote centralized LDAP server for the Managed Element (ME) to control access to the LDAP directory. Such a change can be triggered by the organization's security policy.
1.1 Prerequisites
This section describes the prerequisites, which must be fulfilled before using the procedure.
1.1.1 Conditions
The following conditions must apply:
- The user has the System Security Administrator role.
- The LDAP server is configured for the ME.
- The URI of the remote LDAP server and, optionally, the URI of the fallback LDAP server are known.
- The base distinguished name in the LDAP server is known.
- An Ericsson Command-Line Interface (ECLI) session in Exec mode is in progress.
2 Procedure
To configure an LDAP Basic connection:
- Navigate to the Ldap Managed Object (MO), for example:
>dn ManagedElement=NODE06ST,SystemFunctions=1,SecM=1,UserManagement=1,LdapAuthenticationMethod=1,Ldap=1
- Enter Config mode:
(Ldap=1)>configure
- Set ldapIpAddress to the IP address of the remote LDAP server, for example:
(config-Ldap=1)>ldapIpAddress="192.168.0.10"
- Optionally, set the fallbackLdapIpAddress to be used when the primary LDAP server is down, for example:
(config-Ldap=1)>fallbackLdapIpAddress="192.168.0.11"
- Configure the baseDn from where the LDAP server starts to search for users, for example:
(config-Ldap=1)>baseDn="dc=my-domain,dc=com"
- If the LDAP server is listening on a non-default port, the serverPort must be set, for example:
(config-Ldap=1)>serverPort=1000
- Turn off TLS so that the ME connects to the LDAP server in clear text:
(config-Ldap=1)>useTls=false
- Commit the settings:
(config-Ldap=1)>commit
- Verify the result:
(Ldap=1)>show
The following is an example output:
Ldap=1
   baseDn="dc=my-domain,dc=com"
   fallbackLdapIpAddress="192.168.0.11"
   ldapIpAddress="192.168.0.10"
   serverPort=1000
   useTls=false
A basic LDAP connection is set between the ME and the remote LDAP server.
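A check for the verification step, as an added example that is not part of the original document or of the product: it parses the attributes of a `show` listing for the Ldap MO (one attribute per line or all on one line) and reports settings worth a second look, including useTls=false. The function names, severity labels and the simple baseDn shape check are assumptions of this example, and the sample input is constructed from the example output above.

```python
import ipaddress
import re

# Constructed sample input, taken from the example `show` output above.
SAMPLE_SHOW = '''Ldap=1
   baseDn="dc=my-domain,dc=com"
   fallbackLdapIpAddress="192.168.0.11"
   ldapIpAddress="192.168.0.10"
   serverPort=1000
   useTls=false
'''

# name=value pairs; quoted values may contain '=' and ',' (as baseDn does).
_PAIR = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_show(text):
    """Return the attributes of an Ldap MO `show` listing as a dict."""
    attrs = {k: v.strip('"') for k, v in _PAIR.findall(text)}
    attrs.pop("Ldap", None)  # MO instance id, not an attribute
    return attrs


def audit(attrs):
    """Return (severity, message) findings; severities are this example's own."""
    findings = []
    if attrs.get("useTls", "").lower() == "false":
        findings.append(("HIGH", "useTls=false: LDAP traffic is sent in clear text"))
    for key in ("ldapIpAddress", "fallbackLdapIpAddress"):
        value = attrs.get(key)
        if value is None:
            sev = "HIGH" if key == "ldapIpAddress" else "INFO"
            findings.append((sev, f"{key} is not set"))
            continue
        try:
            ipaddress.ip_address(value)
        except ValueError:
            findings.append(("HIGH", f"{key}={value!r} is not an IP address"))
    port = attrs.get("serverPort")
    if port is not None and not (port.isdigit() and 0 < int(port) < 65536):
        findings.append(("HIGH", f"serverPort={port!r} is out of range"))
    # Assumption: a simple attr=value[,attr=value...] shape check, not full DN syntax.
    if not re.fullmatch(r'\w+=[^,=]+(,\w+=[^,=]+)*', attrs.get("baseDn", "")):
        findings.append(("HIGH", "baseDn is missing or malformed"))
    return findings


if __name__ == "__main__":
    print(*audit(parse_show(SAMPLE_SHOW)), sep="\n")
```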