1 Description
This instruction describes how to configure an arbitrary LDAP search filter for queries to the LDAP server. Such a change can be triggered by the organization's security policy.
2 Procedure
2.1 Configure Flexible LDAP Filter
Prerequisites
- This instruction references the following documents:
- No tools are required.
- The following conditions must apply:
- The user has the System Security Administrator role.
- The ME is configured to connect to a remote LDAP server; refer to Configure LDAP Basic Connection and Configure TLS for LDAP.
- The LDAP server is configured for the Managed Element (ME).
- The LDAP schema is specified and loaded in the LDAP server.
- An Ericsson Command-Line Interface (ECLI) session in Exec mode is in progress.
Steps
- Navigate to the Ldap Managed Object (MO), for example:
>dn ManagedElement=NODE06ST,SystemFunctions=1,SecM=1,UserManagement=1,LdapAuthenticationMethod=1,Ldap=1
- Enter Config mode:
(Ldap=1)>configure
- Configure flexible filtering in the Ldap MO:
(config-Ldap=1)>profileFilter=FLEXIBLE
- Navigate to the Filter MO, for example:
(config-Ldap=1)>Filter=1
- Configure the arbitrary LDAP search expression, for example:
(config-Filter=1)>filter="(&(objectClass=posixAccount)(uid=<UID>))"
- Configure the LDAP return attribute, for example:
(config-Filter=1)>type="cn"
- Commit the settings:
(config-Filter=1)>commit
- Verify the result:
(Filter=1)>show -r
The following is an example output:
Ldap=1
   baseDn="dc=my-domain,dc=com"
   fallbackLdapIpAddress="192.168.0.11"
   ldapIpAddress="192.168.0.10"
   profileFilter=FLEXIBLE
   useTls=false
   Filter=1
      filter="(&(objectClass=posixAccount)(uid=<UID>))"
      type="cn"
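The following Python script is an added example, not part of the original instruction or of Ericsson's software. It checks a candidate filter string offline before it is committed and renders it with an RFC 4515-escaped login name, so the result can be tried against the LDAP server with a standard LDAP client. It assumes that <UID> is the placeholder replaced by the login name; the function names are hypothetical.

```python
PLACEHOLDER = "<UID>"  # placeholder as written in the example filter above

def escape_filter_value(value):
    """Escape a value for an LDAP search filter as RFC 4515 requires."""
    return "".join(
        "\\%02x" % ord(ch) if ch in "\\*()\x00" else ch for ch in value
    )

def check_template(template):
    """Return a list of problems in a filter template (empty list = OK)."""
    problems = []
    if PLACEHOLDER not in template:
        problems.append("placeholder <UID> missing")
    body = template.replace(PLACEHOLDER, "x")
    if not body.startswith("("):
        problems.append("filter must start with '('")
    depth = 0
    for i, ch in enumerate(body):
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            # A valid filter is one parenthesised expression closing at the end.
            if depth < 0 or (depth == 0 and i != len(body) - 1):
                problems.append("parentheses do not enclose a single filter")
                break
    else:
        if depth != 0:
            problems.append("unbalanced parentheses")
    return problems

def render(template, login):
    """Substitute the escaped login name (assumed meaning of <UID>)."""
    problems = check_template(template)
    if problems:
        raise ValueError("; ".join(problems))
    return template.replace(PLACEHOLDER, escape_filter_value(login))

if __name__ == "__main__":
    template = "(&(objectClass=posixAccount)(uid=<UID>))"  # from the page
    for login in ("jdoe", "a*(b)"):  # constructed sample login names
        print(render(template, login))
    print(check_template("(&(objectClass=posixAccount)(uid=<UID>)"))
```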
