Command Reference

OceanStor 18000 and 18000F V5 Series V500R007

This document is applicable to OceanStor 18500 V5, 18800 V5, 18500F V5, and 18800F V5. Based on the CLI provided by DeviceManager, this document describes how to use various commands classified by functions and how to set the CLI and manage the storage system through these commands. The document that you browse online matches the latest C version of the product. Click Download to download documents of other C versions.
create ldap authconfig

Function

The create ldap authconfig command is used to configure the settings of a domain authentication server.

Format

create ldap authconfig type=? base_dn=? bind_dn=? bind_password=? user_search_path=? over_ssl=? [ server_id=? | user_id_attr=? | user_name_attr=? | group_id_attr=? | group_name_attr=? | group_member_attr=? | user_objectclass=? | group_objectclass=? | group_search_path=? | host_list=? | port=? ] *

Parameters

Parameter

Description

Value

type=?

Type of the LDAP server.

The value is case-insensitive and can be "LDAP" or "AD", where:

  • "LDAP": indicates the common LDAP protocol.
  • "AD": indicates the Active Directory (AD) protocol.

group_objectclass=?

Name of a class to which a user group belongs.

The value contains 1 to 63 characters. The default value can be "groupOfUniqueNames" or "group", where:

  • "groupOfUniqueNames" when type=? is set to LDAP.
  • "group" when type=? is set to AD.

user_objectclass=?

Name of a class to which a user belongs.

The value contains 1 to 63 characters. The default value can be "posixAccount" or "user", where:

  • "posixAccount" when type=? is set to LDAP.
  • "user" when type=? is set to AD.

group_member_attr=?

Attribute of a user group member name.

The value contains 1 to 63 characters. The default value can be "uniqueMember" or "member", where:

  • "uniqueMember" when type=? is set to LDAP.
  • "member" when type=? is set to AD.

group_name_attr=?

Attribute of a user group name.

The value contains 1 to 63 characters. The default value can be "cn" or "sAMAccountName", where:

  • "cn" when type=? is set to LDAP.
  • "sAMAccountName" when type=? is set to AD.

group_id_attr=?

Attribute of a user group ID.

The value contains 1 to 63 characters. The default value can be "gidNumber" or "uSNCreated", where:

  • "gidNumber" when type=? is set to LDAP.
  • "uSNCreated" when type=? is set to AD.

user_name_attr=?

Attribute of a user name.

The value contains 1 to 63 characters. The default value can be "uid" or "sAMAccountName", where:

  • "uid" when type=? is set to LDAP.
  • "sAMAccountName" when type=? is set to AD.

user_id_attr=?

Attribute of a user ID.

The value contains 1 to 63 characters. The default value can be "uidNumber" or "uSNCreated", where:

  • "uidNumber" when type=? is set to LDAP.
  • "uSNCreated" when type=? is set to AD.

over_ssl=?

Whether to enable SSL communication for an LDAP server.

The value can be "yes" or "no", where:

  • "yes": The SSL function is used.
  • "no": The SSL function is not used.

The default value is "no".

group_search_path=?

LDAP directory server path under which user groups will be searched for.

The value contains 1 to 255 characters. The value is in the format of cn=, ou=, dc=.

user_search_path=?

LDAP directory server path under which users will be searched for.

The value contains 1 to 255 characters. The value is in the format of cn=, ou=, dc=.

bind_password=?

Password for a bound DN.

The value contains 1 to 63 characters.

bind_dn=?

DN bound with an LDAP server. If anonymous binding is not available for an LDAP server, you must bind DNs before you can retrieve the information on users or user groups.

The value contains 1 to 255 characters. The value is in the format of cn=, ou=, dc=.

port=?

Number of the listening port used on an LDAP server.

The value is an integer between 1 and 65535.

base_dn=?

Base distinguished name (DN). This parameter defines a start point for searching on an LDAP directory server.

The value contains 1 to 255 characters and cannot contain slashes (/). The value is in the format of "cn=", "ou=", and "dc=" and can contain one, two, or three of them. If the value contains only "dc=", "dc=domain" is not supported.

host_list=?

IP addresses of employed LDAP servers.

The value can be a maximum of four IP addresses separated by commas (,). You can access the LDAP server by using any of the listed IP addresses.

server_id=?

ID of a domain authentication server.

The value is an integer from 0 to 3.

Level

Super administrator

Usage Guidelines

  • The domain authentication server information configured on the storage system must be the same as that configured on the server. Otherwise, the domain authentication function of the domain server cannot be used.
  • To ensure data transfer security, you are advised to use SSL encryption.
  • If "host_list" is configured, "port" must be configured to specify a domain server for authentication. If "host_list" is not configured, you do not need to configure "port" because the domain name in the "baseDN" will be used to search in the DNS and find the corresponding domain server for authentication.
  • If no domain server ID is specified, the default ID is 0.

Example

Configure domain authentication server "3" with the following settings: the server type is LDAP, the server IP addresses are "192.168.3.4" and "192.168.5.2", the listening port is "389", the base DN is "cn=JohnDoe,ou=cd,dc=example,dc=com", the bound DN is "cn=Manager,ou=cq,dc=example,dc=com", the password for the bound DN is "123456", the path under which users will be searched for is "cn=emply", the path under which user groups will be searched for is "cn=emply", SSL communication for the LDAP server is enabled, and the remaining parameters keep their default values.

admin:/>create ldap authconfig type=LDAP base_dn=cn=JohnDoe,ou=cd,dc=example,dc=com bind_dn=cn=Manager,ou=cq,dc=example,dc=com bind_password=****** user_search_path=cn=emply group_search_path=cn=emply over_ssl=yes host_list=192.168.3.4,192.168.5.2 port=389 server_id=3 
Command executed successfully.
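
A pre-flight check of a command line against the limits in the parameter table and the Usage Guidelines above, written as an added example (it is not part of the Huawei documentation or product). The function names are hypothetical, and the parser assumes that no value contains a space.

```python
import ipaddress

# Limits taken from the parameter table on this page.
REQUIRED = ("type", "base_dn", "bind_dn", "bind_password", "user_search_path", "over_ssl")
MAX_LEN = {k: 255 for k in ("base_dn", "bind_dn", "user_search_path", "group_search_path")}
MAX_LEN.update({k: 63 for k in (
    "bind_password", "user_id_attr", "user_name_attr", "group_id_attr", "group_name_attr",
    "group_member_attr", "user_objectclass", "group_objectclass")})

def parse_authconfig(cmd):
    """Split 'create ldap authconfig k=v ...' into a dict; DN values keep their inner '='."""
    body = cmd.split("create ldap authconfig", 1)[1]
    return dict(tok.split("=", 1) for tok in body.split())

def in_range(value, low, high):
    return value.isdecimal() and low <= int(value) <= high

def lint_authconfig(cmd):
    """Return a list of findings; an empty list means every documented rule holds."""
    p, out = parse_authconfig(cmd), []
    out += [f"missing required parameter {k}" for k in REQUIRED if k not in p]
    out += [f"{k} must be 1 to {n} characters" for k, n in MAX_LEN.items()
            if k in p and not 1 <= len(p[k]) <= n]
    if "type" in p and p["type"].upper() not in ("LDAP", "AD"):
        out.append("type must be LDAP or AD")
    if "/" in p.get("base_dn", ""):
        out.append("base_dn cannot contain slashes")
    if p.get("over_ssl") == "no":
        out.append("over_ssl=no: SSL encryption is advised for data transfer security")
    if "host_list" in p:
        hosts = p["host_list"].split(",")
        if len(hosts) > 4:
            out.append("host_list allows at most four IP addresses")
        for h in hosts:
            try:
                ipaddress.ip_address(h)
            except ValueError:
                out.append(f"host_list entry {h!r} is not an IP address")
        if "port" not in p:
            out.append("port must be configured when host_list is configured")
    if "port" in p and not in_range(p["port"], 1, 65535):
        out.append("port must be an integer between 1 and 65535")
    if "server_id" in p and not in_range(p["server_id"], 0, 3):
        out.append("server_id must be an integer from 0 to 3")
    return out

# Constructed input: the page's example command, password masked as on the page.
PAGE_EXAMPLE = ("create ldap authconfig type=LDAP base_dn=cn=JohnDoe,ou=cd,dc=example,dc=com "
    "bind_dn=cn=Manager,ou=cq,dc=example,dc=com bind_password=****** user_search_path=cn=emply "
    "group_search_path=cn=emply over_ssl=yes host_list=192.168.3.4,192.168.5.2 port=389 server_id=3")
```

Calling lint_authconfig(PAGE_EXAMPLE) returns an empty list. Changing over_ssl to "no", dropping port, or using a server_id outside 0 to 3 each adds one finding.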

System Response

None

Updated: 2019-09-02

Document ID: EDOC1000181601