To configure security settings for the LDAP service, use the following procedure. For valid property setting combinations, see the table at the end of this task.
hostname:configuration services ldap> show Properties: <status> = enabled default_servers = proxy_dn = proxy_password = base_dn = search_scope = one cred_level = anonymous auth_method = none use_tls = false user_search = user_mapattr = user_mapobjclass = group_search = group_mapattr = group_mapobjclass = netgroup_search = netgroup_mapattr = netgroup_mapobjclass =
anonymous - Allows anonymous authentication for access to data available to everyone.
self - Provides self-authentication for users based on their identity and credentials. Self-authentication uses Kerberos encryption and the SASL/GSSAPI authentication method.
proxy - Specifies authentication through a proxy for a specific user account.
hostname:configuration services ldap> set cred_level=proxy cred_level = proxy (uncommitted)
none - None (use with anonymous)
sasl/GSSAPI - SASL/GSSAPI (use with self)
simple - Simple, RFC 4513 (use with proxy)
sasl/DIGEST-MD5 - SASL/DIGEST-MD5 (use with proxy)
hostname:configuration services ldap> set auth_method=simple auth_method = simple (uncommitted)
Enabling SSL/TLS is highly recommended when using the simple authentication method so the user's distinguished name and password are not sent in plain text.
hostname:configuration services ldap> set use_tls=true use_tls = true (uncommitted)
hostname:configuration services ldap> set proxy_dn=ProxyName proxy_dn = ProxyName (uncommitted) hostname:configuration services ldap> set proxy_password=MyPassword5 proxy_password = *********** (uncommitted)
hostname:configuration services ldap> commit
Refer to the following table for valid security property setting combinations:
|