LDAP Configuration

Lightweight Directory Access Protocol (LDAP) is a directory service for centralizing management of users, groups, hostnames, and other resources (called objects). Oracle ZFS Storage Appliance can act as an LDAP client with the following characteristics:

  • LDAP users can log in to the FTP and HTTP services.

  • LDAP user names (instead of numerical IDs) can be used to configure root directory ACLs on a share.

    Note: The appliance does not use LDAP authorization information. All authorization information is local.

  • The LDAP server's certificate can be self-signed.

  • You can supply a list of trusted CA certificates.

To configure LDAP, you configure schema settings, security settings, and LDAP servers as described in the following sections:

If Active Directory (AD) is used for the appliance's LDAP service, you can automatically configure LDAP for the current AD domain by following the appropriate procedure: BUI or CLI.

After you have completed LDAP configuration, you can configure an existing LDAP user to be an appliance user. See Adding an LDAP User to the Appliance.

If AD is configured for the LDAP service and you are switching from domain to workgroup mode, you can optionally unconfigure or retain the LDAP configuration and the LDAP service. For more information, see Active Directory Domains and Workgroups.