eSight V300R010C00 Operation Guide 07

How Do I Obtain the LDAP Server Information Required for Setting eSight Parameters


Question

How can I obtain the LDAP server information required for setting eSight parameters?

Answer

The customer's LDAP server administrator needs to provide the IP address and port number of the LDAP server, a user with administrator rights, and that user's password. When a secure connection is used, the administrator also needs to provide the protocol version, certificate, and certificate password for setting up the secure connection. You can set the other parameters to fixed values based on the server type in use, or log in to the LDAP server as a user with administrator rights to query the parameter values.

LDAP authentication parameters include four parts: basic parameters, connection parameters, authentication parameters, and authorization parameters. For details, see Table 3-26.

Table 3-26 LDAP authentication parameters

| Parameter group | eSight GUI Parameter | How to Obtain | Setting (Interconnection with the Windows AD Server) | Setting (Interconnection with the OpenLDAP Server) |
|---|---|---|---|---|
| Basic parameters | LDAP server type | - | Microsoft activity directory | Universal LDAP server |
| Basic parameters | Server IP | Provided by the customer's LDAP server administrator. | Example: 10.135.38.165 | Example: 10.135.38.165 |
| Basic parameters | Authentication server port | Provided by the customer's LDAP server administrator. | Example: common connection: 389; SSL connection: 636 | Example: common connection: 389; SSL connection: 636 |
| Basic parameters | Basic DN | See Querying Benchmark DN. | Example: DC=huawei,DC=com | Example: DC=huawei,DC=com |
| Basic parameters | User object class name | - | Person | EmsPerson |
| Connection | Connection type | Determined by the certificates available for the secure connection. No certificate: common connection. Only LDAP server certificate: secure connection (one-way authentication). eSight local certificate and LDAP server certificate: secure connection (one-way authentication) or secure connection (two-way authentication); bidirectional authentication is recommended. | - | - |
| Connection | Secure protocol | Provided by the customer's LDAP server administrator. | - | - |
| Connection | eSight certificate name | Provided by the customer's LDAP server administrator. | Example: huawei.p12 | Example: huawei.p12 |
| Connection | LDAP certificate name | Provided by the customer's LDAP server administrator. | Example: rootCA.cer | Example: rootCA.cer |
| Connection | Library protection password | Provided by the customer's LDAP server administrator. | Example: Changeme_123 | Example: Changeme_123 |
| Connection | Private key password | Provided by the customer's LDAP server administrator. | Example: Changeme_123 | Example: Changeme_123 |
| Authentication | Mode | Determined by how the LDAP server manages the planned users. If all users allowed to access eSight are in the same public directory on the LDAP server, user account + directory is recommended. If users allowed to access eSight are scattered in different directories on the LDAP server, set this parameter to DN integrity during administrator login and query. | - | - |
| Authentication | Administrator DN | See Querying the Administrator Information. | Example: administrator@huawei.com | Example: CN=manager,DC=huawei,DC=com |
| Authentication | Administrator password | See Querying the Administrator Information. | Example: secret | Example: secret |
| Authentication | User Name Attribute | - | cn | uid |
| Authentication | Location format | User directory format on the LDAP server. The options are Email format and LDAP directory format. | - | - |
| Authentication | Directory/Email suffix | Specified format. Set this parameter based on Basic DN. | Example: Email format: @huawei.com; LDAP directory format: DC=huawei,DC=com | Example: Email format: @huawei.com; LDAP directory format: DC=huawei,DC=com |
| Authorization | Mode for obtaining the role bound to a user | - | Query the specified attributed name in the user data model. | Query the specified attributed name in the user data model. |
| Authorization | Attribute name in the object class | - | memberOf | groupName |
| Authorization | Role name separator | - | ; | ; |


  1. Querying Benchmark DN
    • Windows AD server
      1. Log in to the LDAP server as an operating system user in the Administrators group.
      2. Right-click Computer and choose Manage. The Server Manager page is displayed.
      3. In the navigation tree, choose Roles > Active Directory Domain Services > Active Directory Users and Computers and select the domain controller on which accounts are saved.

        NOTE:

        The name man.sunrise.com of the selected domain controller can be converted to Basic DN, that is, DC=man,DC=sunrise,DC=com.

    • OpenLDAP server
      1. Log in to the LDAP server as the root user.
      2. Open the /etc/openldap/slapd.conf file in the OpenLDAP installation directory.

        NOTE:

        The suffix field in the slapd.conf file is the Basic DN, which is dc=huawei,dc=com in this example.

  2. Querying Administrator Information
    • Windows AD server

      The account and password for logging in to the LDAP server are Administrator DN and Administrator password, respectively.

    • OpenLDAP server
      1. Log in to the LDAP server as the root user.
      2. Open the /etc/openldap/slapd.conf file in the OpenLDAP installation directory.

        NOTE:

        The rootdn field in the slapd.conf file is the Administrator DN, which is cn=Manager,dc=huawei,dc=com in this example. The rootpw field in the slapd.conf file is the Administrator password, which is secret in this example.
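
The two lookups above as a script, added here as an illustration and not part of the eSight guide: it converts an AD domain name to a Basic DN and reads suffix, rootdn and rootpw from an OpenLDAP slapd.conf. The function names and the sample file are constructed for this example; it assumes a single database section and also reports whether rootpw is stored in cleartext or as a {SCHEME} hash.

```shell
# Added example (not from the eSight guide); sample values are the ones quoted above.

# AD domain name -> Basic DN, e.g. man.sunrise.com -> DC=man,DC=sunrise,DC=com
domain_to_base_dn() {
    printf '%s\n' "$1" | awk -F. '{
        for (i = 1; i <= NF; i++) out = out (i > 1 ? "," : "") "DC=" $i
        print out
    }'
}

# First value of a slapd.conf directive (suffix, rootdn, rootpw).
# Assumption: a single database section; the first match wins.
slapd_field() {   # usage: slapd_field FILE DIRECTIVE
    awk -v key="$2" '
        /^[ \t#]/ || NF < 2 { next }          # comments, continuations, blanks
        $1 == key {
            sub(/^[^ \t]+[ \t]+/, "")          # drop the directive name
            sub(/[ \t]+$/, "")                 # drop trailing whitespace
            sub(/^"/, ""); sub(/"$/, "")       # drop surrounding quotes
            print; exit
        }' "$1"
}

# rootpw is either cleartext or a {SCHEME}hash. A hash is not the password
# itself, so the password must then come from the LDAP administrator.
rootpw_storage() {
    case "$1" in
        "")        echo missing ;;
        "{"*"}"?*) echo hashed ;;
        *)         echo cleartext ;;
    esac
}

# Constructed sample file, not a real server configuration.
write_sample_conf() {
    cat > "$1" <<'EOF'
# constructed sample
suffix          "dc=huawei,dc=com"
rootdn          "cn=Manager,dc=huawei,dc=com"
rootpw          secret
EOF
}
conf=$(mktemp) && write_sample_conf "$conf"
echo "Basic DN (AD):     $(domain_to_base_dn man.sunrise.com)"
echo "Basic DN (slapd):  $(slapd_field "$conf" suffix)"
echo "Administrator DN:  $(slapd_field "$conf" rootdn)"
echo "rootpw storage:    $(rootpw_storage "$(slapd_field "$conf" rootpw)")"
rm -f "$conf"
```

A cleartext result means anyone who can read slapd.conf can read the Administrator password, so check the file's permissions before copying the value into eSight.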

Updated: 2019-06-30

Document ID: EDOC1100044378
