LDAP Security Settings

Caution:

To reduce security risks, always configure LDAP with SSL/TLS or Kerberos.

To configure security settings for the LDAP service, first specify the credentials to use to authenticate the appliance to the LDAP server. Then specify other properties as necessary to support the credentials choice.

The appliance can authenticate by using one of the following sets of credentials:

  • Anonymous:
    • Anonymous authentication restricts data access for the appliance to only data that is available to everyone.
    • You can choose to enable the TLS (formerly known as SSL) protocol. Enabling TLS is highly recommended so that critical information is sent securely.
  • Self: Self authentication uses the user's identity and credentials to authenticate the appliance. Self authentication uses Kerberos encryption and the SASL/GSSAPI authentication method.
  • Proxy (Specific User):
    • Proxy authentication uses a proxy for a specific user account.
    • You can choose to enable the TLS (formerly known as SSL) protocol. Enabling TLS is highly recommended so that critical information is sent securely.
    • You must select the authentication method: either Simple (RFC 4513) or SASL/DIGEST-MD5.
    • You must specify the proxy DN and the proxy password. The proxy DN is the distinguished name of the account that will be used for proxy authentication. The proxy password is the password for the proxy DN account.

If you specify port 636 when an LDAP server is added, the system configures LDAP over raw TLS (TLS is negotiated as soon as the connection is opened). If you specify any other port when an LDAP server is added (typically 389), the system configures LDAP with StartTLS (the connection is opened in the clear and then upgraded to TLS). For information about StartTLS, see the "LDAP Security Properties" table in LDAP Properties.
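The following added example (not the appliance's own code) encodes the rules above as a planning and validation function: the port rule (636 means TLS on connect, anything else means StartTLS), the three credential modes, and the Caution that a configuration must use TLS or Kerberos. Host names, DNs and the `plan_ldap` function are constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

LDAPS_PORT = 636  # per the page: 636 -> TLS on connect, any other port -> StartTLS


@dataclass
class LdapPlan:
    url: str                      # ldaps:// for TLS on connect, ldap:// otherwise
    starttls: bool                # True when TLS is negotiated after connecting
    bind: str                     # "anonymous", "sasl/GSSAPI", "simple" or "sasl/DIGEST-MD5"
    bind_dn: Optional[str] = None
    warnings: list = field(default_factory=list)


def _transport(host, port, use_tls):
    """Apply the page's port rule to decide how (and whether) TLS is set up."""
    if not use_tls:
        return f"ldap://{host}:{port}", False
    if port == LDAPS_PORT:
        return f"ldaps://{host}:{port}", False
    return f"ldap://{host}:{port}", True


def plan_ldap(host, port, credentials, use_tls=True, method=None,
              proxy_dn=None, proxy_password=None):
    """credentials: 'anonymous' | 'self' | 'proxy'; method (proxy only): 'simple' | 'digest-md5'."""
    url, starttls = _transport(host, port, use_tls)
    plan = LdapPlan(url=url, starttls=starttls, bind="anonymous")
    if credentials == "self":
        plan.bind = "sasl/GSSAPI"  # Kerberos on its own satisfies the Caution
        return plan
    if credentials == "anonymous":
        if not use_tls:
            plan.warnings.append("anonymous bind without TLS: directory data travels in cleartext")
        return plan
    if credentials == "proxy":
        if not proxy_dn or not proxy_password:
            raise ValueError("proxy authentication requires both a proxy DN and a proxy password")
        if method == "simple":
            if not use_tls:  # RFC 4513 simple bind sends the password in the clear: refuse
                raise ValueError("simple bind without TLS would expose the proxy password")
            plan.bind = "simple"
        elif method == "digest-md5":
            plan.bind = "sasl/DIGEST-MD5"
            if not use_tls:
                plan.warnings.append("DIGEST-MD5 without TLS: queries and results are not encrypted")
        else:
            raise ValueError("proxy method must be 'simple' or 'digest-md5'")
        plan.bind_dn = proxy_dn
        return plan
    raise ValueError(f"unknown credentials mode: {credentials!r}")
```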