Configuring LDAP Security Settings (CLI)

Use the following procedure to configure LDAP security settings.

Go to configuration services ldap and enter show to view the properties.

The following table shows property value combinations that are valid for the remaining steps in this procedure.

cred_level	auth_method	use_tls
anonymous	none	true
anonymous	none	false
self	sasl/GSSAPI	false
proxy	simple	true
proxy	simple	false Note: This setting is permitted, but not recommended because the user's distinguished name (DN) and password will be sent in plain text.
proxy	sasl/DIGEST-MD5	true
proxy	sasl/DIGEST-MD5	false

Specify the credentials to use to authenticate Oracle ZFS Storage Appliance to the LDAP server.
Set cred_level to anonymous, self, or proxy.
```
hostname:configuration services ldap> set cred_level=proxy
```
Specify an authentication method.
Set auth_method to one of the following options:
- none - None (use with anonymous)
- sasl/GSSAPI - SASL/GSSAPI (use with self)
- simple - Simple, RFC 4513 (use with proxy)
- sasl/DIGEST-MD5 - SASL/DIGEST-MD5 (use with proxy)
```
hostname:configuration services ldap> set auth_method=sasl/DIGEST-MD5
```
Set additional properties for proxy credentials.
If cred_level is set to proxy, then set the proxy account name and password.
```
hostname:configuration services ldap> set proxy_dn=ProxyName
hostname:configuration services ldap> set proxy_password=MyPassword5
```
Enable SSL/TLS.
If you specified either anonymous or proxy for cred_level, you can choose to enable SSL/TLS. Enabling TLS is highly recommended so that critical information is sent securely.
```
hostname:configuration services ldap> set use_tls=true
```
Enter commit.

Changes to the LDAP server configuration will be validated when committed. If the proxy_dn or proxy_password validation fails or times out, a warning message is displayed.