No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Command Reference 10

OceanStor 18500 V3 and 18800 V3 Mission Critical Storage System V300R003

"Based on the CLI, this document describes how to use various commands classified by functions and how to set the CLI and manage the storage system through these commands. The document that you browse online matches the latest C version of the product. Click Download to download documents of other C versions."
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
change domain ldap_config

change domain ldap_config

Function

The change domain ldap_config command is used to modify LDAP domain authentication configurations.

Format

change domain ldap_config server_ip_list=? transfer_type=? base_dn=? password_hash=? port=? [ [ user_suffix=? ] | [ group_suffix=? ] | [ shadow_suffix=? ] | [ bind_dn=? bind_password=? ] | [ timelimit=? ] | [ bind_timelimit=? ] | [ idle_timelimit=? ] ] *

Parameters

Parameter

Description

Value

server_ip_list=? IP address of the LDAP server.

A maximum of three IP addresses (IPv4 or IPv6 addresses) are supported. Use commas (,) to separate IP addresses.

transfer_type=? LDAP encryption algorithm.

The value can be "LDAP" or "LDAPS", where:

  • "LDAPS": The SSL encryption algorithm is enabled.
  • "LDAP": The SSL encryption algorithm is disabled.
NOTE:
To ensure secure data transmission, you are advised to use Secure Sockets Layer(SSL) encryption. Before selecting the LDAPS protocol, run the "import certificate" command to import the CA certificate file of the LDAP domain server.
base_dn=? Base distinguished name (DN) of the LDAP directory, that is, the root directory of the LDAP server.

The value is in the format of "cn=?, ou=?, dc=?".

password_hash=? Password encryption method.

The value can be "clear", "md5", or "crypt", where:

  • "clear": clear encryption.
  • "md5": md5 encryption.
  • "crypt": crypt encryption.
NOTE:
Because clear and md5 cannot ensure secure data transmission, you are advised to use crypt encryption.
port=? LDAP listening port.

The value is an integer ranging from 1 to 65,535. The default LDAP port is 389 and default LDAPS port is 636.

user_suffix=? Filter criteria for querying users. If this parameter is not configured, the query starts from the root directory.

The value consists of 1 to 63 characters.

group_suffix=? Filter criteria for querying groups. If this parameter is not configured, the query starts from the root directory.

The value consists of 1 to 63 characters.

shadow_suffix=? Filter criteria for querying passwords. If this parameter is not configured, the query starts from the root directory.

The value consists of 1 to 63 characters.

bind_dn=? DN bound with an LDAP server. If anonymous binding is not supported on an LDAP server, you must bind DNs before you can retrieve the information about users or user groups.

The value is in the format of "cn=?, ou=?, dc=?".

bind_password=? Password for login. The password must be the same as that for logging in to the LDAP server.

The value consists of 1 to 63 characters.

timelimit=? Timeout threshold for the client to wait for response from the server to a query request.

The value must be an integer from 0 to 2,147,483,647.

NOTE:
If the parameter value is set to "0", there is no limit on the timeout threshold.
bind_timelimit=? Timeout threshold of the connection setup between a client and a server.

The value must be an integer ranging from 1 to 2,147,483,647.

idle_timelimit=? The value must be an integer ranging from 0 to 2,147,483,647.
NOTE:
If the parameter value is set to "0", there is no limit on the timeout threshold.
The value is an integer ranging from 0 to 2,147,483,647.
NOTE:
A value of 0 means no timeout limit.

Level

Administrator

Usage Guidelines

Parameters "bind_dn" and "bind_password" must be entered at the same time.

Example

  • Query LDAP domain authentication configurations before the modification.

    admin:/>show domain ldap
    IP Address List : 
    Base DN         :   
    Port            : 
    Password Hash   : -- 
    Transfer Type   : --
    User Suffix     :   
    Group Suffix    :   
    Shadow Suffix   : 
    Timelimit       : 3
    Bind Timelimit  : 3
    Idle Timelimit  : 30
    Bind DN         : 
  • Modify LDAPS domain authentication configurations.

    admin:/>change domain ldap_config server_ip_list=10.40.25.8 transfer_type=LDAPS base_dn=dc=huawei,dc=com password_hash=md5 port=636 group_suffix=dc=huawei,dc=com shadow_suffix=dc=huawei,dc=com user_suffix=dc=huawei,dc=com bind_dn=cn=root,dc=huawei,dc=com bind_password=*********
    WARNING: You are about to run the command for configuring the LDAP domain. This operation restarts the NFS service, which may interrupt the NFS service temporarily.
    Suggestion: Before performing this operation, ensure that the risk is acceptable.
    Have you read warning message carefully?(y/n)y
    Are you sure you really want to perform the operation?(y/n)y
    Command executed successfully.
  • Query LDAPS domain authentication configurations after the modification.

    admin:/>show domain ldap
    IP Address List : 10.40.25.8
    Base DN         : dc=huawei,dc=com 
    Port            : 636 
    Password Hash   : Md5 
    Transfer Type   : LDAPS 
    User Suffix     : dc=huawei,dc=com 
    Group Suffix    : dc=huawei,dc=com 
    Shadow Suffix   : dc=huawei,dc=com
    Timelimit       : 3  
    Bind Timelimit  : 3 
    Idle Timelimit  : 30
    Bind DN         : cn=root,dc=huawei,dc=com
  • Modify LDAP domain authentication configurations.

     admin:/>change domain ldap_config server_ip_list=10.40.25.8 transfer_type=LDAP base_dn=dc=huawei,dc=com password_hash=md5 port=389 group_suffix=dc=huawei,dc=com shadow_suffix=dc=huawei,dc=com user_suffix=dc=huawei,dc=com bind_dn=cn=root,dc=huawei,dc=com bind_password=*********
    Command executed successfully.
  • Query LDAP domain authentication configurations after the modification.

    admin:/>show domain ldap
    IP Address List : 10.40.25.8 
    Base DN         : dc=huawei,dc=com 
    Port            : 389
    Password Hash   : Md5 
    Transfer Type   : LDAP
    User Suffix     : dc=huawei,dc=com 
    Group Suffix    : dc=huawei,dc=com 
    Shadow Suffix   : dc=huawei,dc=com
    Timelimit       : 3  
    Bind Timelimit  : 3 
    Idle Timelimit  : 30
    Bind DN         : cn=root,dc=huawei,dc=com

System Response

None

Translation
Download
Updated: 2019-07-22

Document ID: EDOC1000084078

Views: 317690

Downloads: 253

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next