You can configure an LDAP server for user validation and to fetch user groups.
About this task
LDAP supports three modes for fetching the roles assigned to a user.
- The role is available as an attribute in the user Distinguished Name (DN) entry. Group attribute definition is not needed.
- The user has a "memberOf" attribute or any appropriate group DN attribute to identify the groups assigned to the user. Assign the corresponding LDAP group to a role in EFA.
- LDAP groups have user entries in their group definitions. Assign the LDAP groups to roles in EFA.
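The three lookup modes, sketched as an added Python example over a constructed in-memory directory; this is not EFA code and does not claim to show how EFA implements them. The DNs, the `employeeType` role attribute, the `member` attribute, and the role names are assumptions chosen for illustration.

```python
# Constructed sample directory (DN -> attributes); no LDAP server is contacted.
BASE = "dc=example,dc=com"
DIRECTORY = {
    f"uid=alice,ou=people,{BASE}": {"employeeType": ["Admin"]},
    f"uid=bob,ou=people,{BASE}": {"memberOf": [f"CN=NetOps, OU=Groups, {BASE}"]},
    f"uid=carol,ou=people,{BASE}": {},
    f"cn=netops,ou=groups,{BASE}": {"member": []},
    f"cn=auditors,ou=groups,{BASE}": {"member": [f"UID=Carol,ou=people,{BASE}"]},
}
# Hypothetical LDAP-group-to-role assignments; role names are placeholders.
GROUP_TO_ROLE = {
    f"cn=netops,ou=groups,{BASE}": "Operator",
    f"cn=auditors,ou=groups,{BASE}": "Auditor",
}

def norm_dn(dn):
    """Simplified DN comparison key (trim, lower-case); ignores escaped commas."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def _lookup(table, dn):
    """Fetch a value from a DN-keyed dict, ignoring case and spacing."""
    return {norm_dn(k): v for k, v in table.items()}.get(norm_dn(dn))

def roles_from_user_attribute(user_dn, role_attr="employeeType"):
    """Mode 1: the role is an attribute of the user's own entry."""
    return set((_lookup(DIRECTORY, user_dn) or {}).get(role_attr, []))

def roles_from_member_of(user_dn, group_attr="memberOf"):
    """Mode 2: the user entry lists group DNs; map each group to a role."""
    groups = (_lookup(DIRECTORY, user_dn) or {}).get(group_attr, [])
    mapped = (_lookup(GROUP_TO_ROLE, g) for g in groups)
    return {role for role in mapped if role}

def roles_from_group_entries(user_dn, member_attr="member"):
    """Mode 3: group entries list their members; scan groups for the user."""
    roles = set()
    for group_dn, role in GROUP_TO_ROLE.items():
        members = (_lookup(DIRECTORY, group_dn) or {}).get(member_attr, [])
        if norm_dn(user_dn) in {norm_dn(m) for m in members}:
            roles.add(role)
    return roles

def resolve(user_dn):
    """Return the roles each mode yields for one user."""
    return {
        "user_attribute": roles_from_user_attribute(user_dn),
        "member_of": roles_from_member_of(user_dn),
        "group_entries": roles_from_group_entries(user_dn),
    }
```

DN values are compared after normalization because directories often return group and member DNs with different case or spacing than the mapping was written with.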
Procedure
- To configure an external LDAP server, run the following command.
  # efa auth ldapconfig add --name ldapconfig --host 10.x.x.x --bind-user-name cn=admin,dc=extrnet,dc=com --bind-user-password password --user-search-base ou=people,dc=extrnet,dc=com
  This example configures the bind user name and password and the DN of the node from which searches start.
- To configure an LDAP server in a TPVM (for the TPVM Ubuntu OS), run the tpvm config ldap command from the SLX-OS command line.