2.4.1.6.2 Configuring LDAP Authentication for CLI
Perform the following procedure as admusr on the Active NOAM (Network Operations, Administration, and Maintenance) server of the topology. This enables LDAP authentication for CLI (Command Line Interface) users on the DSR setup:
- Run the following command, replacing <LDAP_SERVER_URI> with the LDAP server IP address or hostname and <BASE_DN> with the base DN of the LDAP server. If there are multiple URIs, rerun the command with each LDAP URI.
/usr/TKLC/appworks/bin/ldapCliAuthentication.sh --add --ldap-uri "<LDAP_SERVER_URI>" --port "389" --base-dn "<BASE_DN>"
Example:
/usr/TKLC/appworks/bin/ldapCliAuthentication.sh --add --ldap-uri "ldap-server-1.in" --port "389" --base-dn "dc=oracle,dc=com"
Note:
- To add multiple LDAP Servers, rerun the above command with details of each LDAP server.
- The --add utility supports the --hostnames flag, which means LDAP configuration can be performed selectively on the specified servers of a topology. For more information about the hostnames flag, see Targeting Specific Servers.
- Verifying LDAP user sync:
- To verify that LDAP users are now available on the DSR system, run the following command on the DSR system, replacing <LDAP_USERNAME> with the UID of an existing user on the LDAP server.
id <LDAP_USERNAME>
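The id check succeeds for any account the system can resolve, including one defined locally in /etc/passwd, so a local account with the same name can mask a failed LDAP sync. The following is an added example, not part of the original procedure or of the product's tooling: it classifies each name as local, directory, or missing. It assumes LDAP accounts are exposed through NSS (so getent passwd sees them); the function names and the LOCAL_PASSWD variable are illustrative.

```shell
#!/bin/sh
# Added example: report where each account name resolves from.
# Usage (script name is hypothetical): sh check_ldap_users.sh <LDAP_USERNAME> ...
# LOCAL_PASSWD is an illustrative override so the logic can be exercised offline.
LOCAL_PASSWD="${LOCAL_PASSWD:-/etc/passwd}"

# Resolve a name through NSS, the same lookup path the id command uses.
resolve_user() {
    getent passwd "$1"
}

# Print one of: local, directory, missing.
# "directory" means the name resolves through NSS but is not in the local
# passwd file; on a host where LDAP is the only remote source, that is LDAP.
classify_user() {
    name="$1"
    # Exact match on the first colon-separated field of the local file.
    if awk -F: -v u="$name" '$1 == u { found = 1 } END { exit !found }' \
        "$LOCAL_PASSWD" 2>/dev/null; then
        echo local
    elif resolve_user "$name" >/dev/null 2>&1; then
        echo directory
    else
        echo missing
    fi
}

# Classify every name given; return non-zero unless all are "directory".
check_users() {
    rc=0
    for u in "$@"; do
        src=$(classify_user "$u")
        printf '%-20s %s\n' "$u" "$src"
        [ "$src" = directory ] || rc=1
    done
    return "$rc"
}

# Run the check only when names are passed on the command line.
if [ "$#" -gt 0 ]; then
    check_users "$@"
fi
```

A result of local for a name that should come from LDAP means the id output reflects the local account, not the directory entry.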