Contents

1   Description

This instruction describes how to configure a password-based LDAP authentication for the Managed Element (ME) to control access to the LDAP directory. Such change can be triggered by the organization security policy.

2   Procedure

2.1   Configure LDAP Simple Bind

Prerequisites

• This instruction references the following documents:
  • Configure LDAP Basic Connection
  • Configure TLS for LDAP
• No tools are required.
• The following conditions must apply:
  • The user has the System Security Administrator role.
  • The LDAP server is configured for the Managed Element (ME).
  • The ME is configured to connect with remote LDAP server, refer to Configure LDAP Basic Connection and Configure TLS for LDAP.
  • The new bind Distinguished Name (DN) is known.
  • The new ME password for the LDAP account is known.
  • An Ericsson Command-Line Interface (ECLI) session in Exec mode is in progress.

Steps

1. Navigate to the Ldap managed object, for example:

   >dn ManagedElement=NODE06ST,SystemFunctions=1,SecM=1,UserManagement=1,LdapAuthenticationMethod=1,Ldap=1

2. Enter Config mode:

   (Ldap=1)>configure

3. Set the bind DN to be used for user authentication to the LDAP target, for example:

   (config-Ldap=1)>bindDn="cn=proxyaccount,dc=ericsson,dc=com"

   The bind DN must be specified in an LDAP DN format.

4. Set the ME password for the LDAP account, for example:

   (config-Ldap=1)>bindPassword=12345 cleartext

5. Commit the settings:

   (config-Ldap=1)>commit

6. Verify the result:

   (Ldap=1)>show

   The following is an example output:

   Ldap=1 baseDn="dc=my-domain,dc=com" bindDn="cn=proxyaccount,dc=ericsson,dc=com" bindPassword="1:XUC+jE8QV05dG57Ouv7hWi1s/wa+uWi0" fallbackLdapIpAddress="192.0.2.11" ldapIpAddress="192.0.2.10" serverPort=1000 useTls=false

   LDAP password-based simple binds can now be performed with the new bind DN and password.