1 Description
This instruction describes how to configure a clear text connection to a remote centralized LDAP server for the Managed Element (ME) to control access to the LDAP directory. Such a change can be triggered by the organization's security policy.
2 Procedure
2.1 Configure LDAP Basic Connection
Prerequisites
- No documents are required.
- No tools are required.
- The following conditions must apply:
  - The user has the System Security Administrator role.
  - The LDAP server is configured for the ME.
  - The URI of the remote LDAP server and, optionally, the URI of the fallback LDAP server are known.
  - The base distinguished name in the LDAP server is known.
  - An Ericsson Command-Line Interface (ECLI) session in Exec mode is in progress.
Steps
- Navigate to the Ldap managed object, for example:
>dn ManagedElement=NODE06ST,SystemFunctions=1,SecM=1,UserManagement=1,LdapAuthenticationMethod=1,Ldap=1
- Enter Config mode:
(Ldap=1)>configure
- Set ldapIpAddress to the IP address of the remote LDAP server, for example:
(config-Ldap=1)>ldapIpAddress="192.168.0.10"
- Optionally, set the fallbackLdapIpAddress to be used when the primary LDAP server is down, for example:
(config-Ldap=1)>fallbackLdapIpAddress="192.168.0.11"
- Configure the baseDn from where the LDAP server starts to search for users, for example:
(config-Ldap=1)>baseDn="dc=my-domain,dc=com"
- If the LDAP server is listening on a non-default port, then the serverPort must be set, for example:
(config-Ldap=1)>serverPort=1000
- Turn off TLS:
(config-Ldap=1)>useTls=false
- Commit the settings:
(config-Ldap=1)>commit
- Verify the result:
(Ldap=1)>show
The following is an example output:
Ldap=1
   baseDn="dc=my-domain,dc=com"
   fallbackLdapIpAddress="192.168.0.11"
   ldapIpAddress="192.168.0.10"
   serverPort=1000
   useTls=false
[...]
A basic LDAP connection is set up between the ME and the remote LDAP server.
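The following is an added example, not part of the original instruction and not Ericsson tooling: a Python check that parses text captured from the show step and flags the attributes set in this procedure, including the clear text setting useTls=false. It assumes the show output has been saved as text. The function names, severity labels and the choice to treat an absent useTls as not enabled are illustrative assumptions.

```python
import ipaddress
import re
import shlex

# Constructed sample: captured `show` output using the values from the procedure above.
SAMPLE_SHOW = ('Ldap=1 baseDn="dc=my-domain,dc=com" fallbackLdapIpAddress="192.168.0.11" '
               'ldapIpAddress="192.168.0.10" serverPort=1000 useTls=false [...]')

# Simplified DN check (attr=value pairs separated by commas); not a full RFC 4514 parser.
DN_RE = re.compile(r"^[A-Za-z][\w-]*=[^,=]+(,[A-Za-z][\w-]*=[^,=]+)*$")


def parse_show(text):
    """Parse captured `show` text (one line or many) into an attribute dict."""
    attrs = {}
    for token in shlex.split(text):          # shlex strips the double quotes
        name, sep, value = token.partition("=")
        if sep and name != "Ldap":           # skip the object name and "[...]"
            attrs[name] = value
    return attrs


def audit(attrs):
    """Return (severity, message) findings for one Ldap managed object."""
    findings = []
    # Assumption: an absent useTls is reported the same way as useTls=false.
    if attrs.get("useTls", "").lower() != "true":
        findings.append(("HIGH", "useTls is not true: LDAP traffic is unencrypted"))
    servers = []
    for key in ("ldapIpAddress", "fallbackLdapIpAddress"):
        if key not in attrs:
            if key == "ldapIpAddress":       # the fallback server is optional
                findings.append(("HIGH", "ldapIpAddress is not set"))
            continue
        try:
            servers.append(ipaddress.ip_address(attrs[key]))
        except ValueError:
            findings.append(("HIGH", f"{key} is not a valid IP address"))
    if len(servers) == 2 and servers[0] == servers[1]:
        findings.append(("LOW", "fallback server is the same as the primary"))
    if not DN_RE.match(attrs.get("baseDn", "")):
        findings.append(("HIGH", "baseDn is missing or malformed"))
    port = attrs.get("serverPort")           # optional: only set for a non-default port
    if port is not None and not (re.fullmatch(r"\d{1,5}", port) and 1 <= int(port) <= 65535):
        findings.append(("HIGH", "serverPort is outside 1-65535"))
    return findings


if __name__ == "__main__":
    for severity, message in audit(parse_show(SAMPLE_SHOW)):
        print(f"{severity}: {message}")
```

Run against the sample, the check reports a single HIGH finding for useTls, which is the expected result of this procedure and the item to track if the security policy later requires TLS.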
