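To configure security settings for the LDAP service, use the following procedure. For valid combinations of property settings, see the table at the end of this task.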
hostname:configuration services ldap> show
Properties:
<status> = enabled
default_servers =
proxy_dn =
proxy_password =
base_dn =
search_scope = one
cred_level = anonymous
auth_method = none
use_tls = false
user_search =
user_mapattr =
user_mapobjclass =
group_search =
group_mapattr =
group_mapobjclass =
netgroup_search =
netgroup_mapattr =
netgroup_mapobjclass =
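anonymous - Allows anonymous authentication for access to data that is available to everyone.
self - Provides self authentication for a user based on identity and credentials. Self authentication uses Kerberos encryption and the SASL/GSSAPI authentication method.
proxy - Specifies authentication by proxy for a specific user account.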
hostname:configuration services ldap> set cred_level=proxy
cred_level = proxy (uncommitted)
none - None (used with anonymous)
sasl/GSSAPI - SASL/GSSAPI (used with self)
simple - Simple, RFC 4513 (used with proxy)
sasl/DIGEST-MD5 - SASL/DIGEST-MD5 (used with proxy)
hostname:configuration services ldap> set auth_method=simple
auth_method = simple (uncommitted)
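When you use the simple authentication method, enabling SSL/TLS is strongly recommended so that the user's distinguished name and password are not sent in plain text.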
hostname:configuration services ldap> set use_tls=true
use_tls = true (uncommitted)
hostname:configuration services ldap> set proxy_dn=ProxyName
proxy_dn = ProxyName (uncommitted)
hostname:configuration services ldap> set proxy_password=MyPassword5
proxy_password = *********** (uncommitted)
hostname:configuration services ldap> commit