Contents

1   Introduction

This document describes how to change the bind name and password required for password-based simple bind Lightweight Directory Access Protocol (LDAP) authentication. Such change can be triggered by the organization security policy.

1.1   Prerequisites

This section describes the prerequisites, which must be fulfilled before using the procedure.

1.1.1   Conditions

The following conditions must apply:

• The user has the System Security Administrator role.
• The LDAP server has a proxy account provided for the Managed Element (ME).
• The new bind Distinguished Name (DN) is known.
• The new ME password for the LDAP account is known.
• An Ericsson Command-Line Interface (ECLI) session in Exec mode is in progress.

2   Procedure

To change bind name and password for LDAP authentication:

1. Navigate to the Ldap managed object, for example:

   >dn ManagedElement=<Node Name>,SystemFunctions=1,SecM=1,UserManagement=1,LdapAuthenticationMethod=1,Ldap=1

2. Enter Config mode:

   (Ldap=1)>configure

3. Set the bind DN to be used for user authentication to the LDAP target, for example:

   (config-Ldap=1)>bindDn="cn=proxyaccount,dc=ericsson,dc=com"

   The bind DN must be specified in an LDAP DN format.

4. Set the ME password for the LDAP account, for example:

   (config-Ldap=1)>bindPassword=12345 cleartext

5. Commit the settings:

   (config-Ldap=1)>commit

6. Verify the result:

   (Ldap=1)>show

   The following is an example output:

   Ldap=1 baseDn="dc=my-domain,dc=com" bindDn="cn=proxyaccount,dc=ericsson,dc=com" bindPassword="1:XUC+jE8QV05dG57Ouv7hWi1s/wa+uWi0" fallbackLdapIpAddress="192.0.2.11" ldapIpAddress="192.0.2.10"

   LDAP password-based simple binds can now be performed with the new bind DN and password.