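To configure the security settings for the LDAP service, use the following procedure. For valid combinations of property settings, see the table at the end of this task.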
hostname:configuration services ldap> show
Properties:
<status> = enabled
default_servers =
proxy_dn =
proxy_password =
base_dn =
search_scope = one
cred_level = anonymous
auth_method = none
use_tls = false
user_search =
user_mapattr =
user_mapobjclass =
group_search =
group_mapattr =
group_mapobjclass =
netgroup_search =
netgroup_mapattr =
netgroup_mapobjclass =
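anonymous - Allows anonymous authentication, for access to data that is available to everyone.
self - Provides self-authentication for users based on their identity and credentials. Self-authentication uses Kerberos encryption and the SASL/GSSAPI authentication method.
proxy - Specifies authentication through a proxy for a specific user account.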
hostname:configuration services ldap> set cred_level=proxy
cred_level = proxy (uncommitted)
none - None (use with anonymous)
sasl/GSSAPI - SASL/GSSAPI (use with self)
simple - Simple, RFC 4513 (use with proxy)
sasl/DIGEST-MD5 - SASL/DIGEST-MD5 (use with proxy)
hostname:configuration services ldap> set auth_method=simple
auth_method = simple (uncommitted)
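When you use the simple authentication method, enabling SSL/TLS is strongly recommended so that users' distinguished names and passwords are not sent in plain text.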
hostname:configuration services ldap> set use_tls=true
use_tls = true (uncommitted)
hostname:configuration services ldap> set proxy_dn=ProxyName
proxy_dn = ProxyName (uncommitted)
hostname:configuration services ldap> set proxy_password=MyPassword5
proxy_password = *********** (uncommitted)
hostname:configuration services ldap> commit
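The following is an added example, not part of the appliance documentation or its software: a small Python check that reads saved `show` output and reports cred_level/auth_method pairings that do not match the lists above, plus a simple bind without TLS. The names `parse_show`, `audit` and `SAMPLE` are hypothetical, the sample text is constructed, and the proxy_dn check is an assumption drawn from the procedure.

```python
# Added example (not appliance code): audit LDAP security properties from `show`.
# cred_level -> auth_method pairings as listed on this page.
VALID_AUTH = {
    "anonymous": {"none"},
    "self": {"sasl/gssapi"},
    "proxy": {"simple", "sasl/digest-md5"},
}

# Constructed sample: proxy + simple bind with TLS left at its default.
SAMPLE = """\
hostname:configuration services ldap> show
Properties:
<status> = enabled
cred_level = proxy
auth_method = simple
use_tls = false
proxy_dn = ProxyName
proxy_password = ***********
"""

def parse_show(text):
    """Return {property: value}; skips prompt lines, drops '(uncommitted)'."""
    props = {}
    for line in text.splitlines():
        if "=" not in line or line.lstrip().startswith("hostname:"):
            continue
        name, _, value = line.partition("=")
        props[name.strip().strip("<>")] = value.replace("(uncommitted)", "").strip()
    return props

def audit(props):
    """Return a list of findings; an empty list means the settings are consistent."""
    findings = []
    cred = props.get("cred_level", "").lower()
    auth = props.get("auth_method", "").lower()
    if cred not in VALID_AUTH:
        findings.append(f"unknown cred_level {cred!r}")
    elif auth not in VALID_AUTH[cred]:
        findings.append(f"auth_method {auth!r} is not valid with cred_level {cred!r}")
    if auth == "simple" and props.get("use_tls", "").lower() != "true":
        findings.append("simple bind with use_tls off: DN and password sent in plain text")
    # Assumption drawn from the procedure above: proxy needs a proxy_dn.
    if cred == "proxy" and not props.get("proxy_dn"):
        findings.append("cred_level is proxy but proxy_dn is empty")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_show(SAMPLE)):
        print("FINDING:", finding)
```

Run it against the output captured before `commit` so that uncommitted values are checked as well.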