Attributes

| Attribute | Type | Default | Description |
|---|---|---|---|
| baseDn | string, mandatory | | Default base DN to use in LDAP operations. The base DN must be specified in LDAP DN format, for example 'ou=people,dc=mycompany,dc=com'. All LDAP objects used for authentication and authorization must be accessible from the base DN. |
| bindDn | string[0..1] | | Default bind DN used to access the LDAP servers. When configured, the ME uses the specified DN as the bind name for LDAP searches. The bind DN must be specified in LDAP DN format, for example 'cn=bindaccount,dc=mycompany,dc=com'. |
| bindPassword | EcimPassword[0..1] | | Password used with bindDn to access the LDAP servers. When configured, the ME establishes a password-based LDAP simple bind. |
| fallbackLdapIpAddress | IpDNSAddress[0..1] | | The IP or DNS address of the fallback LDAP server. The fallback server is used when the primary server is inaccessible. The default port number is 389; the selected tlsMode overrides the default port number. |
| filterType | FilterType[0..1], noNotification | | Selects the method for user authorization. POSIX_GROUPS: roles for authorization are selected from the LDAP database based on the standard POSIX account and POSIX group schemas; the cn attribute of the POSIX group object is treated as the role. ERICSSON_ROLES: roles for authorization are selected from the LDAP database based on a POSIX account extended with the auxiliary attribute ericssonUserAuthorizationScope. FLEXIBLE: roles for authorization are selected from the LDAP database based on the attributes specified in the contained Filter object. Deprecated: use profileFilter instead. |
| ldapId | string, key, mandatory, noNotification, restricted | | The value component of the RDN. |
| ldapIpAddress | IpDNSAddress, mandatory | | The IP or DNS address of the primary LDAP server. The default port number is 389; the selected tlsMode overrides the default port number. |
| nodeCredential | ManagedObject[0..1] | | The credential used for LDAP. Specifies the DN of a NodeCredential MO in Certificate Management. |
| nodeType | string[0..], noNotification | | The type or types of network node that the current managed element represents from a management perspective. The value of this attribute is used when a role defined in the LDAP database is prefixed with a Node Type; role definitions whose Node Type prefix does not match are skipped. For example, nodeType=ims.kista.se. Deprecated. |
| profileFilter | ProfileFilter[0..1] | | Selects an LDAP filter to determine the user's authorization profile. Authorization profiles are used by authorization methods. For ERICSSON_FILTER, the contained EricssonFilter MO must exist. For FLEXIBLE, the contained Filter MO must exist. |
| roleAliasesBaseDn | string[0..1], noNotification | | LDAP base DN of a subtree of objects used to resolve alias roles to real roles. The DN of such an object is role=[role],roleAliasesBaseDn. For example, if roleAliasesBaseDn = "dc=example,dc=com" and the user has the role Admin, then if the object "role=Admin,dc=example,dc=com" exists and has the attribute name = Administrator, the user gets the role Administrator instead. Deprecated. |
| serverPort | uint16[0..1] | | Specifies the server port number used to access the primary and secondary LDAP servers. Must only be specified when the default port number is not in use. Default ports are: 389 when useTls is false; 389 when useTls is true and tlsMode is STARTTLS; 636 when useTls is true and tlsMode is LDAPS. |
| tlsCaCertificate | string[0..1] | | Certificate Authority (CA) certificate that signed the LDAP server certificate. The CA certificate is used to authenticate the server certificate. It is provided by the operator and can be represented as follows: /etc/ssl/certs/cacert.pem. Deprecated in version 2.0: attribute trustCategory replaced its function. If this attribute is set, attribute trustCategory is ignored. |
| tlsClientCertificate | string[0..1] | | Client certificate used when the LDAP server needs to authenticate the client. It is generated and provided by the operator. Example of client certificate representation: /home/ldap-user/certs/client.cert.pem. Deprecated in version 2.0: attribute nodeCredential replaced its function. If this attribute is set, attribute nodeCredential is ignored. |
| tlsClientKey | string[0..1] | | Specifies the private key for the client certificate referred to by the tlsClientCertificate attribute. The key is generated and provided by the operator. Example of client key representation: /home/ldap-user/certs/keys/client.key.pem. Deprecated in version 2.0: attribute nodeCredential replaced its function. If this attribute is set, attribute nodeCredential is ignored. |
| tlsMode | TlsMode | STARTTLS | Toggles the TLS establishment mode used to access the primary and secondary LDAP servers. Takes effect when useTls is true. |
| trustCategory | ManagedObject[0..1] | | The set of certificates trusted by LDAP. Specifies the DN of a TrustCategory MO in Certificate Management. |
| useReferrals | boolean | false | Toggle to enable the use of referrals. When set to false, the ME ignores referrals returned by the LDAP server. When set to true, the ME follows referrals. Referrals can be used for authentication and authorization only if the referral URI refers back to a directory tree within the same LDAP server instance; otherwise, access is denied for referred user accounts. |
| userLabel | string[0..1] | | An additional descriptive text. |
| useTls | boolean, mandatory | | Toggle to enable TLS access to the primary and secondary LDAP targets. |
| useTlsFallback | boolean | false | Toggle to enable TLS access to the secondary LDAP target. Deprecated in version 2.0: attribute useTls configures TLS for both the primary and fallback server. |
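The following added example (not part of the MO documentation or any Ericsson code) models three rules stated in the table: the serverPort defaults that follow from useTls and tlsMode, the useReferrals restriction that a referral may only point back to the same server, and the roleAliasesBaseDn lookup. It assumes that "same LDAP server instance" means the configured host and effective port, and the directory is a constructed DN-to-attributes map standing in for a live LDAP tree.

```python
from typing import Dict, Iterable, Optional
from urllib.parse import urlparse


def effective_port(use_tls: bool, tls_mode: str = "STARTTLS",
                   server_port: Optional[int] = None) -> int:
    """Port the ME connects to: 389 without TLS and for STARTTLS, 636 for
    LDAPS, unless serverPort is set explicitly (which overrides all)."""
    if server_port is not None:
        return server_port
    if not use_tls:
        return 389
    if tls_mode not in ("STARTTLS", "LDAPS"):
        raise ValueError(f"unknown tlsMode {tls_mode!r}")
    return 636 if tls_mode == "LDAPS" else 389


def ldap_url(host: str, use_tls: bool, tls_mode: str = "STARTTLS",
             server_port: Optional[int] = None) -> str:
    """URL for ldapIpAddress or fallbackLdapIpAddress. STARTTLS upgrades a
    plain ldap:// connection, so only LDAPS yields an ldaps:// scheme."""
    scheme = "ldaps" if use_tls and tls_mode == "LDAPS" else "ldap"
    return f"{scheme}://{host}:{effective_port(use_tls, tls_mode, server_port)}"


def referral_allowed(referral_uri: str, configured_hosts: Iterable[str],
                     use_tls: bool, tls_mode: str = "STARTTLS",
                     server_port: Optional[int] = None) -> bool:
    """Model of the useReferrals rule. Assumption: 'same LDAP server instance'
    is read as the configured host and effective port; a referral anywhere
    else leads to denied access for the referred account."""
    parsed = urlparse(referral_uri)
    if parsed.scheme not in ("ldap", "ldaps") or not parsed.hostname:
        return False
    port = parsed.port or (636 if parsed.scheme == "ldaps" else 389)
    return (parsed.hostname in set(configured_hosts)
            and port == effective_port(use_tls, tls_mode, server_port))


def resolve_role_alias(role: str, role_aliases_base_dn: str,
                       directory: Dict[str, Dict[str, str]]) -> str:
    """roleAliasesBaseDn rule: if role=<role>,<baseDn> exists and carries a
    'name' attribute, the user gets that role instead of the alias.
    `directory` is a constructed DN -> attributes map, not a real LDAP tree."""
    entry = directory.get(f"role={role},{role_aliases_base_dn}", {})
    return entry.get("name", role)
```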