Oracle® ZFS Storage Appliance Administration Guide, Release OS8.7.0


Updated: July 2017
 
 

Configuring LDAP Security Settings (CLI)

To configure security settings for the LDAP service, use the following procedure. For valid property setting combinations, see the table at the end of this task.

  1. Go to configuration services ldap and enter show to view the properties.
    hostname:configuration services ldap> show
    Properties:
                          <status> = enabled
                   default_servers =
                          proxy_dn =
                    proxy_password =
                           base_dn =
                      search_scope = one
                        cred_level = anonymous
                       auth_method = none
                           use_tls = false
                       user_search =
                      user_mapattr =
                  user_mapobjclass =
                      group_search =
                     group_mapattr =
                 group_mapobjclass =
                   netgroup_search =
                  netgroup_mapattr =
              netgroup_mapobjclass =
  2. To set the credential level, enter set cred_level= and one of the following options:
    • anonymous - Allows anonymous authentication for access to data available to everyone.

    • self - Provides self-authentication for users based on their identity and credentials. Self-authentication uses Kerberos encryption and the SASL/GSSAPI authentication method.

    • proxy - Specifies authentication through a proxy for a specific user account.

    hostname:configuration services ldap> set cred_level=proxy
                          cred_level = proxy (uncommitted)  
  3. To set the authentication method, enter set auth_method= and one of the following options:
    • none - None (use with anonymous)

    • sasl/GSSAPI - SASL/GSSAPI (use with self)

    • simple - Simple, RFC 4513 (use with proxy)

    • sasl/DIGEST-MD5 - SASL/DIGEST-MD5 (use with proxy)

    hostname:configuration services ldap> set auth_method=simple
                          auth_method = simple (uncommitted)  
  4. To enable or disable SSL/TLS, enter set use_tls= and either true or false.

    Enabling SSL/TLS is highly recommended when using the simple authentication method so the user's distinguished name and password are not sent in plain text.

    hostname:configuration services ldap> set use_tls=true
                          use_tls = true (uncommitted) 
  5. If the credential level is set to proxy, enter set proxy_dn= and the distinguished name of the account used for proxy authentication. Then enter set proxy_password= and the password for the account.
    hostname:configuration services ldap> set proxy_dn=ProxyName
                          proxy_dn = ProxyName (uncommitted)
    hostname:configuration services ldap> set proxy_password=MyPassword5
                    proxy_password = *********** (uncommitted)  
  6. Enter commit.
    hostname:configuration services ldap> commit
  7. Refer to the following table for valid security property setting combinations.
    cred_level   auth_method       use_tls
    ----------   ---------------   -------
    anonymous    none              true
    anonymous    none              false
    self         sasl/GSSAPI       false
    proxy        simple            true
    proxy        simple            false - Permitted, but not recommended because the user's distinguished name (DN) and password will be sent in plain text.
    proxy        sasl/DIGEST-MD5   true
    proxy        sasl/DIGEST-MD5   false
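
The following Python script is an added example, not part of the Oracle guide. It parses saved output of the show command from step 1 and checks cred_level, auth_method and use_tls against the combinations in the table above; the function names and the sample output are constructed for illustration.

```python
import re

# (cred_level, auth_method) -> use_tls values listed as valid in the guide's table
VALID = {
    ("anonymous", "none"): {"true", "false"},
    ("self", "sasl/GSSAPI"): {"false"},
    ("proxy", "simple"): {"true", "false"},
    ("proxy", "sasl/DIGEST-MD5"): {"true", "false"},
}

def parse_show(text):
    """Parse 'name = value' property lines from `show` output into a dict."""
    props = {}
    for line in text.splitlines():
        # Prompt lines ("hostname:...>") and "Properties:" do not match this pattern.
        m = re.match(r"\s*<?(\w+)>?\s*=\s*(.*?)\s*(?:\(uncommitted\))?\s*$", line)
        if m:
            props[m.group(1)] = m.group(2)
    return props

def audit(props):
    """Return findings for the LDAP security properties (empty list = no issues)."""
    cred, auth, tls = (props.get(k, "") for k in ("cred_level", "auth_method", "use_tls"))
    findings = []
    allowed = VALID.get((cred, auth))
    if allowed is None:
        findings.append(f"auth_method={auth} is not listed for cred_level={cred}")
    elif tls not in allowed:
        findings.append(f"use_tls={tls} is not listed for {cred} with {auth}")
    if auth == "simple" and tls != "true":
        findings.append("simple bind without TLS: DN and password sent in plain text")
    if cred == "proxy" and not props.get("proxy_dn"):
        findings.append("cred_level=proxy but proxy_dn is empty")
    return findings

# Constructed sample: a committed proxy/simple configuration with TLS disabled.
SAMPLE = """\
hostname:configuration services ldap> show
Properties:
                      <status> = enabled
                      proxy_dn = ProxyName
                    cred_level = proxy
                   auth_method = simple
                       use_tls = false
"""

if __name__ == "__main__":
    for finding in audit(parse_show(SAMPLE)) or ["no findings"]:
        print(finding)
```

A combination that the table does not list, such as self with use_tls=true, is reported as not listed rather than as insecure.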
