eSight V300R009C00 Operation Guide 09

LDAP Data Model


Before interconnecting with the iEMP server, you need to understand the structure of the directory tree and define users and user groups on the LDAP server.

Definitions of the User

In LDAP authentication, you define users on the LDAP server. eSight then obtains the user information when the eSight server communicates with the LDAP server.

You can define a user on the LDAP server by referring to the following example. Table 3-5 shows the parameters related to user definition.

The following is an example:

dn: cn=xxx,dc=huawei,dc=com  (basedn Mandatory)
objectClass: Person
cn: xxx
userPassword:  (Mandatory)
groupName:  (Optional)
Table 3-5 User definition

| User properties | Description | Constraints of Fixed Property | Optional/Mandatory |
| --- | --- | --- | --- |
| dn | Base dn. Example: cn=xxx, dc=huawei, dc=com | cn, dc, dc must be configured. | Mandatory |
| objectClass | Object class name. | The name contains a maximum of 32 characters, including only uppercase letters, lowercase letters, digits, and underscores. | Mandatory |
| cn | Name of a user. | The name contains a maximum of 32 characters, including only uppercase letters, lowercase letters, digits, and underscores. Symbols such as `#%&'+\|/ ();<=>?\[]:,*@"` are not permitted, and the user name must be unique. | Mandatory |
| userPassword | Plaintext password of a user. | The user password. | Mandatory |
| groupName | Group to which a user belongs. A user can be bound to multiple groups. | A user group name cannot exceed 64 characters, including only uppercase letters, lowercase letters, digits, and underscores. Multiple group names must be separated with a comma (,), for example, "SMUsers, FMUsers". | Optional |
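As an added example (not part of the eSight documentation), the following Python sketch checks a user entry against the Table 3-5 constraints before it is loaded into the LDAP server. The function names and sample entries are constructed for illustration; the DN split is naive (no RFC 4514 escaping), and the dn rule is read here as "at least one cn and one dc component".

```python
import re

NAME_RE = re.compile(r"[A-Za-z0-9_]+")  # letters, digits and underscores only

def parse_entry(text):
    """Parse simple 'attr: value' lines into a dict (no LDIF folding or base64)."""
    entry = {}
    for line in text.strip().splitlines():
        attr, _, value = line.partition(":")
        entry[attr.strip()] = value.strip()
    return entry

def dn_types(dn):
    """Naive split of a DN into its attribute types; ignores RFC 4514 escaping."""
    return [rdn.partition("=")[0].strip().lower() for rdn in dn.split(",")]

def check_name(label, value, limit, errors):
    if len(value) > limit:
        errors.append(f"{label}: longer than {limit} characters")
    if not NAME_RE.fullmatch(value):
        errors.append(f"{label}: only letters, digits and underscores allowed")

def validate_user(entry):
    """Return a list of Table 3-5 violations; an empty list means the entry passes."""
    errors = [f"{a}: mandatory attribute missing"
              for a in ("dn", "objectClass", "cn", "userPassword") if not entry.get(a)]
    types = dn_types(entry.get("dn", ""))
    if entry.get("dn") and ("cn" not in types or "dc" not in types):
        errors.append("dn: must contain cn and dc components")
    for attr in ("objectClass", "cn"):  # both limited to 32 characters
        if entry.get(attr):
            check_name(attr, entry[attr], 32, errors)
    for group in filter(None, (g.strip() for g in entry.get("groupName", "").split(","))):
        check_name(f"groupName '{group}'", group, 64, errors)
    return errors

# Constructed sample entries (not taken from a real directory).
GOOD = """dn: cn=ops_admin,dc=huawei,dc=com
objectClass: Person
cn: ops_admin
userPassword: placeholder-secret
groupName: SMUsers, FMUsers"""
BAD = """dn: cn=ops*admin,ou=developer
objectClass: Person
cn: ops*admin
groupName: SMUsers, FM Users"""

if __name__ == "__main__":
    for name, text in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, validate_user(parse_entry(text)))
```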

Relationships Between the DC, OU, and CN in an LDAP Character String

In LDAP, a directory is in the tree form. A DN identifies a node in a tree.

A DN has the following attributes: domain component (DC), organizational unit (OU), and common name (CN).

The following provides an example:

CN=test,OU=developer,DC=domainname,DC=com

Table 3-6 Parameter description

| Parameter | Description |
| --- | --- |
| CN | Indicates a common name, which is similar to a user name or server name. |
| OU | Indicates an organizational unit, which is similar to a group. |
| DC | Indicates a domain component, which is similar to a file system directory. |

The preceding example means that user test is in the developer group in the domainname.com domain, as shown in Figure 3-4.

Figure 3-4 Relationships between a DC, an OU, and a CN
Updated: 2019-05-17

Document ID: EDOC1100011877
