No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

OceanStor 2200 V3 and 2600 V3 Storage System V300R005 Command Reference

"Based on the CLI provided by the DeviceManager, this document describes how to use variouscommands classified by functions and how to set the CLI and manage the storage system throughthese commands."
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
change domain ldap_config

change domain ldap_config

Function

The change domain ldap_config command is used to modify LDAP domain authentication configurations.

Format

change domain ldap_config server_ip_list=? transfer_type=? base_dn=? password_hash=? port=? [ [ user_suffix=? ] | [ group_suffix=? ] | [ shadow_suffix=? ] | [ bind_dn=? bind_password=? ] | [ timelimit=? ] | [ bind_timelimit=? ] | [ idle_timelimit=? ] ] *

Parameters

Parameter

Description

Value

server_ip_list=? IP address of the LDAP server.

A maximum of three IP addresses (IPv4 and IPv6) can be specified, and they must be separated from each other using commas (,).

transfer_type=? LDAP encryption algorithm.

Possible values are "LDAP" and "LDAPS", where:

  • "LDAPS": The SSL encryption algorithm is enabled.
  • "LDAP": The SSL encryption algorithm is disabled.
NOTE:
To ensure secure data transmission, you are advised to use Secure Sockets Layer(SSL) encryption. Before selecting the LDAPS protocol, use the "import certificate" command to import the CA certificate file for the LDAP domain server.
base_dn=? Base distinguished name (DN) of the LDAP directory, that is, the root directory of the LDAP server.

The value is in the format of "cn=?, ou=?, dc=?".

password_hash=? Password encryption method.

Possible values are "clear", "md5", and "crypt", where:

  • "clear": clear encryption.
  • "md5": md5 encryption.
  • "crypt": crypt encryption.
NOTE:
Bucause clear and md5 unsafe for secure data transmission, you are advised to use crypt encryption.
port=? LDAP listening port.

The value is an integer ranging from 1 to 65,535. The default LDAP port is 389, the default LDAPS port is 636.

user_suffix=? Filter criteria for querying users. If this parameter is not configured, the querying starts from the root directory.

The value consists of 1 to 63 characters.

group_suffix=? Filter criteria for querying groups. If this parameter is not configured, the querying starts from the root directory.

The value consists of 1 to 63 characters.

shadow_suffix=? Filter criteria for querying passwords. If this parameter is not configured, the querying starts from the root directory.

The value consists of 1 to 63 characters.

bind_dn=? A DN bound with an LDAP server. If anonymous binding is not available for an LDAP server, you must bind DNs before you can retrieve the information on users or user groups.

The value is in the format of "cn=?, ou=?, dc=?".

bind_password=? Password for login. The password must be the same as that for logging in to the LDAP server.

The value consists of 1 to 63 characters.

timelimit=? The parameter specifies the amount of time to wait for a response to an LDAP query.
The value is an integer ranging from 0 to 2,147,483,647.
NOTE:
A value of 0 means no timeout limit.
bind_timelimit=? The parameter specifies the amount of time to wait while trying to connect to an LDAP server.

The value is an integer ranging from 1 to 2,147,483,647.

idle_timelimit=? Client will close connections if the LDAP server has not been contacted for the number of seconds specified by the parameter.
The value is an integer ranging from 0 to 2,147,483,647.
NOTE:
A value of 0 means no timeout limit.

Level

Administrator

Usage Guidelines

  • Parameters "bind_dn" and "bind_password" must be entered at the same time.
  • OceanStor 2200 V3 storage system do not support this command.

Example

  • Querying LDAP domain authentication configurations before the modification, run the following command.

    admin:/>show domain ldap
    IP Address List :   
    Base DN         :   
    Port            : 
    Password Hash   : -- 
    Transfer Type   : --
    User Suffix     :   
    Group Suffix    :   
    Shadow Suffix   : 
    Timelimit       : 3
    Bind Timelimit  : 3
    Idle Timelimit  : 30
    Bind DN         : 
  • Modifying LDAPS domain authentication configurations, run the following command.

    admin:/>change domain ldap_config server_ip_list=10.40.25.8 transfer_type=LDAPS base_dn=dc=huawei,dc=com password_hash=md5 port=636 group_suffix=dc=huawei,dc=com shadow_suffix=dc=huawei,dc=com user_suffix=dc=huawei,dc=com bind_dn=cn=root,dc=huawei,dc=com bind_password=*********
    WARNING: You are about to run the command for configuring the LDAP domain. This operation restarts the NFS service, which may interrupt the NFS service temporarily.
    Suggestion: Before performing this operation, ensure that the risk is acceptable.
    Have you read warning message carefully?(y/n)y
    Are you sure you really want to perform the operation?(y/n)y
    Command executed successfully.
  • Querying LDAPS domain authentication configurations after the modification, run the following command.

    admin:/>show domain ldap
    IP Address List : 10.40.25.8 
    Base DN         : dc=huawei,dc=com 
    Port            : 636 
    Password Hash   : Md5 
    Transfer Type   : LDAPS 
    User Suffix     : dc=huawei,dc=com 
    Group Suffix    : dc=huawei,dc=com 
    Shadow Suffix   : dc=huawei,dc=com
    Timelimit       : 3  
    Bind Timelimit  : 3 
    Idle Timelimit  : 30
    Bind DN         : cn=root,dc=huawei,dc=com
  • Modifying LDAP domain authentication configurations, run the following command.

    admin:/>change domain ldap_config server_ip_list=10.40.25.8 transfer_type=LDAP base_dn=dc=huawei,dc=com password_hash=md5 port=389 group_suffix=dc=huawei,dc=com shadow_suffix=dc=huawei,dc=com user_suffix=dc=huawei,dc=com bind_dn=cn=root,dc=huawei,dc=com bind_password=*********
    Command executed successfully.
  • Querying LDAP domain authentication configurations after the modification, run the following command.

    admin:/>show domain ldap
    IP Address List : 10.40.25.8 
    Base DN         : dc=huawei,dc=com 
    Port            : 389
    Password Hash   : Md5 
    Transfer Type   : LDAP
    User Suffix     : dc=huawei,dc=com 
    Group Suffix    : dc=huawei,dc=com 
    Shadow Suffix   : dc=huawei,dc=com
    Timelimit       : 3  
    Bind Timelimit  : 3 
    Idle Timelimit  : 30
    Bind DN         : cn=root,dc=huawei,dc=com

System Response

None

Translation
Download
Updated: 2019-04-22

Document ID: EDOC1000106139

Views: 235525

Downloads: 168

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next