Contents

1   Description

This instruction describes how to use the POSIX® LDAP schema as profile filter. Such change can be triggered by the organization security policy.

2   Procedure

2.1   Configure POSIX LDAP Filter

Prerequisites

• No documents are required.
• No tools are required.
• The following conditions must apply:
  • The user has the System Security Administrator role.
  • The Managed Element (ME) is configured to connect with remote LDAP server, refer to Configure LDAP Basic Connection and Configure TLS for LDAP.
  • The LDAP server is configured for the ME.
  • The POSIX LDAP schema is specified and loaded in the LDAP server and the POSIX groups are used as authorization profiles.
  • An Ericsson Command-Line Interface (ECLI) session in Exec mode is in progress.

Steps

1. Navigate to the Ldap managed object, for example:

   >dn ManagedElement=NODE06ST,SystemFunctions=1,SecM=1,UserManagement=1,LdapAuthenticationMethod=1,Ldap=1

2. Enter Config mode:

   (Ldap=1)>configure

3. Set the profile filter:

   (config-Ldap=1)>profileFilter=POSIX_GROUPS

4. Commit the settings:

   (config-Ldap=1)>commit

5. Verify the result:

   (Ldap=1)>show

   The following is an example output:

   Ldap=1 baseDn="dc=my-domain,dc=com" fallbackLdapIpAddress="192.168.0.11" ldapIpAddress="192.168.0.10" profileFilter=POSIX_GROUPS useTls=false