Configuring LDAP Schema Settings (BUI)

Use the following procedure to configure LDAP schema settings.
  1. From the Configuration menu, select Services.
  2. Under Directory Services, select LDAP.

    On the Properties tab, go to the Schema section of the page.

  3. Enter a value for Base search DN.

    For example, enter:

    dc=example,dc=com

    This base search DN is automatically prepended with ou=people for user searches, ou=group for group searches, and ou=netgroup for netgroup searches. If these subtrees do not exist in your environment, set a different search descriptor in the schema definition for that type of search. The value of Base search DN is ignored for any search type that has a search descriptor in the schema definition.

  4. Select either recursive or non-recursive search scope.

    This selection applies to all searches. To override this selection for specific types of searches, provide a value for search descriptor in the schema definition for that type of search. The value of search scope is ignored if you provide a value for search descriptor in the schema definition.

  5. Click Edit next to the schema definition heading.

    The Edit LDAP Schema Definition dialog box opens. The dialog box has three tabs: Users, Groups, and Netgroups. Each tab has three property fields: Search descriptor, Attribute mappings, and Object class mappings.

  6. Edit the Search descriptor fields.

    The default search descriptor that is used for user searches is ou=people,base-search-DN. The default search descriptor that is used for group searches is ou=group,base-search-DN. The default search descriptor that is used for netgroup searches is ou=netgroup,base-search-DN. If your LDAP database does not have subtrees named people, group, or netgroup, then searches of the database will fail as object not found.

    Edit the search descriptor fields on each tab to enter the correct subtrees to search for users, groups, and netgroups. For example, on the Users tab, you might enter the following for the search descriptor:

    ou=employees,dc=example,dc=com

    If your LDAP database does not have subtrees for users and groups, use this search descriptor field to re-enter the base search DN to prevent ou=people or ou=group from being prepended automatically. For example, enter the following in the Users or Groups search descriptor field:

    dc=example,dc=com

    You must include the full base search DN in the search descriptor value, and you must also include your scope selection in it, because both the Base search DN and the search scope settings are ignored when a search descriptor is provided: the search descriptor value is used instead. The example in the previous paragraph specifies a non-recursive search. To specify a recursive search, change that example to the following:

    dc=example,dc=com?sub

  7. Edit the Attribute mappings fields.

    The default attributes that are used for user searches are shown in table "Attributes of the Users Data Type" in LDAP Custom Mappings. The default attributes that are used for group searches are shown in table "Attributes of the Groups Data Type" in LDAP Custom Mappings.

    If your organization stores this data in different attributes, use the Attribute mappings field to specify the attribute to use to retrieve the given data. For example, to use employeename instead of uid as the attribute for user names, enter uid=employeename in the attribute mappings field on the Users tab.

    To specify additional attribute changes for a given data type, click the add icon to the right of the Attribute mappings field.

  8. Edit the Object class mappings fields.

    The default object class that is used for user searches is posixAccount. The default object class that is used for group searches is posixGroup. The default object class that is used for netgroup searches is nisNetgroup.

    If your environment uses a different object class, use the Object class mappings field to specify the name of the object class to use. For example, to use unixaccount instead of posixAccount as the user object class, enter posixAccount=unixaccount in the Object class mappings field on the Users tab.

    To specify additional object class changes, click the add icon to the right of the Object class mappings field.

  9. Click Save in the Edit LDAP Schema Definition dialog box.
  10. Click APPLY at the top of the LDAP page.
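
The precedence rules in steps 3 through 8 (a search descriptor overrides both Base search DN and search scope; otherwise ou=people, ou=group or ou=netgroup is prepended; attribute and object class mappings are written as default=replacement) are easy to get wrong before clicking APPLY. The following added example, which is not code from the Oracle documentation or from the appliance itself, models those rules so the effective search base, scope and filter can be checked for a given set of settings. It assumes the descriptor syntax base?scope with scope tokens base, one and sub (only ?sub appears on the page; a descriptor with no ?scope suffix is non-recursive, modelled here as one), and it assumes uid as the default lookup attribute for users and cn for groups and netgroups; the full default attribute lists live in the "LDAP Custom Mappings" tables the page refers to.

```python
# Added example; not code from the Oracle ZFS Storage Appliance documentation
# or product. Models the precedence rules described on this page.
#
# Assumptions (not stated on the page): descriptor syntax is "base?scope";
# scope tokens are "base", "one" and "sub" (a bare descriptor is non-recursive,
# modelled as "one"); default lookup attribute is uid for users, cn otherwise.
from dataclasses import dataclass, field

DEFAULT_SUBTREE = {"users": "ou=people", "groups": "ou=group", "netgroups": "ou=netgroup"}
DEFAULT_OBJECT_CLASS = {"users": "posixAccount", "groups": "posixGroup", "netgroups": "nisNetgroup"}
DEFAULT_KEY_ATTR = {"users": "uid", "groups": "cn", "netgroups": "cn"}  # assumed defaults
VALID_SCOPES = ("base", "one", "sub")


@dataclass
class SchemaSettings:
    """The Schema section of the LDAP service page, one entry per BUI field."""
    base_search_dn: str
    recursive: bool = True
    # Per data type ("users", "groups", "netgroups"): the text typed into the
    # corresponding tab of the Edit LDAP Schema Definition dialog box.
    search_descriptor: dict = field(default_factory=dict)      # "users": "dc=example,dc=com?sub"
    attribute_mappings: dict = field(default_factory=dict)     # "users": ["uid=employeename"]
    object_class_mappings: dict = field(default_factory=dict)  # "users": ["posixAccount=unixaccount"]


def parse_mappings(entries):
    """Turn BUI mapping strings such as 'uid=employeename' into {default: replacement}."""
    mapping = {}
    for entry in entries:
        default, sep, replacement = entry.partition("=")
        if not sep or not default.strip() or not replacement.strip():
            raise ValueError(f"mapping must be default=replacement: {entry!r}")
        mapping[default.strip()] = replacement.strip()
    return mapping


def resolve_search(settings, data_type):
    """Return (base_dn, scope) the appliance would use for this data type.

    A search descriptor, when set, replaces both the Base search DN and the
    scope selection, so it must carry the full base DN and its own scope.
    """
    descriptor = settings.search_descriptor.get(data_type, "").strip()
    if descriptor:
        base, sep, scope = descriptor.partition("?")
        scope = scope.strip().lower() if sep else "one"  # no "?scope" suffix: non-recursive
        if not base.strip() or scope not in VALID_SCOPES:
            raise ValueError(f"bad search descriptor for {data_type}: {descriptor!r}")
        return base.strip(), scope
    # No descriptor: default subtree prepended to the base search DN, global scope applies.
    base = f"{DEFAULT_SUBTREE[data_type]},{settings.base_search_dn}"
    return base, ("sub" if settings.recursive else "one")


def escape_filter_value(value):
    """RFC 4515 escaping so a looked-up name cannot change the filter's structure."""
    return "".join(f"\\{ord(ch):02x}" if ch in "*()\\\x00" else ch for ch in value)


def build_filter(settings, data_type, key):
    """Build the LDAP filter for one lookup, honouring object class and attribute mappings."""
    default_oc = DEFAULT_OBJECT_CLASS[data_type]
    oc = parse_mappings(settings.object_class_mappings.get(data_type, [])).get(default_oc, default_oc)
    default_attr = DEFAULT_KEY_ATTR[data_type]
    attr = parse_mappings(settings.attribute_mappings.get(data_type, [])).get(default_attr, default_attr)
    return f"(&(objectClass={oc})({attr}={escape_filter_value(key)}))"


if __name__ == "__main__":
    # Constructed settings mirroring the examples on this page.
    s = SchemaSettings(
        base_search_dn="dc=example,dc=com",
        recursive=False,
        search_descriptor={"users": "dc=example,dc=com?sub"},
        attribute_mappings={"users": ["uid=employeename"]},
        object_class_mappings={"users": ["posixAccount=unixaccount"]},
    )
    for dt in ("users", "groups", "netgroups"):
        print(dt, resolve_search(s, dt))  # users ignore the non-recursive setting
    print(build_filter(s, "users", "jdoe"))
```

With the constructed settings, user searches use dc=example,dc=com with scope sub even though the global selection is non-recursive, while group and netgroup searches still get ou=group and ou=netgroup prepended and stay non-recursive; that is exactly the asymmetry step 6 warns about. The filter value escaping is there because the names being looked up come from clients, and an unescaped `*` or `)` in a name would change which entries match.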
