
Eaton Network-M2 - Servicing the Network Management Module; Configuring;Commissioning;Testing LDAP

Eaton Network-M2
268 pages
Configuring/Commissioning/Testing LDAP
Servicing the Network Management Module – 159
4 Servicing the Network Management Module
4.1 Configuring/Commissioning/Testing LDAP
4.1.1 Commissioning
Refer to the sectionContextual help>>>Settings>>>Local users to get help on the configuration.
4.1.1.1 Configuring connection to LDAP database
This step configures the LDAP client of the network module to request data from an LDAP base.
1. Activate LDAP.
2. Define security parameters according to LDAP servers' requirements.
3. Configure primary server (and optionally a secondary one).
4. If security configuration needs server certificate verification, import your LDAP server certificate. Refer to the section to get help on certificate import.
   a. In case LDAP server certificate is self-signed, import the self-signed certificate in the Trusted remote certificate list for LDAP service.
   b. In case LDAP server certificate has been signed by a CA, import the corresponding CA in the Certificate authorities (CA) list for LDAP service.
5. Configure credentials to bind with the LDAP server or select anonymous if no credentials are required.
6. Configure the Search base DN.
7. Configure the request parameters (see examples below).
4.1.1.1.1 Typical request parameters
| Parameter | OpenLDAP | Active Directory™ with POSIX account activated | Active Directory™ |
|---|---|---|---|
| User base DN | ou=users, dc=example, dc=com | ou=users, dc=example, dc=com | ou=users, dc=example, dc=com |
| User name attribute | uid | uid | sAMAccountName |
| UID attribute | uidNumber | uidNumber | objectSid:S-1-5-xx-yy-zz (domain SID) |
| Group base DN | ou=groups, dc=example, dc=com | ou=groups, dc=example, dc=com | ou=groups, dc=example, dc=com |
| Group name attribute | gid | gid | sAMAccountName |
| GID attribute | gidNumber | gidNumber | objectSid:S-1-5-xx-yy-zz (domain SID) |
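Active Directory stores objectSid as a binary value, while the Active Directory™ column above expects the domain SID in string form. The following Python code is an added example, not taken from the Eaton manual: it decodes a binary objectSid and checks it against a configured domain SID. Treating the trailing RID as the numeric UID/GID is an assumption about how an objectSid mapping of this kind is commonly applied, and the sample SID and function names are constructed for illustration.

```python
import struct


def sid_to_string(raw: bytes) -> str:
    """Decode a binary objectSid into its S-<rev>-<authority>-<sub>... form."""
    if len(raw) < 8:
        raise ValueError("SID shorter than its fixed 8-byte header")
    revision, count = raw[0], raw[1]
    if revision != 1:
        raise ValueError("unsupported SID revision %d" % revision)
    if len(raw) != 8 + 4 * count:
        raise ValueError("length does not match sub-authority count")
    # The identifier authority is 48-bit big-endian; each sub-authority
    # is a 32-bit little-endian integer.
    authority = int.from_bytes(raw[2:8], "big")
    subs = struct.unpack("<%dI" % count, raw[8:])
    return "-".join(["S", str(revision), str(authority)] + [str(s) for s in subs])


def rid_for_domain(raw: bytes, domain_sid: str) -> int:
    """Return the RID of a SID that belongs to domain_sid.

    Assumption: the RID (last sub-authority) is what ends up as the
    numeric UID/GID. SIDs from any other domain are rejected.
    """
    sid = sid_to_string(raw)
    prefix, _, rid = sid.rpartition("-")
    if prefix != domain_sid:
        raise ValueError("SID %s is not in domain %s" % (sid, domain_sid))
    return int(rid)


# Constructed sample values, not taken from a real directory.
DOMAIN_SID = "S-1-5-21-1111111111-2222222222-3333333333"
SAMPLE_SID = (
    bytes([1, 5])                      # revision 1, five sub-authorities
    + (5).to_bytes(6, "big")           # identifier authority 5 (NT Authority)
    + struct.pack("<5I", 21, 1111111111, 2222222222, 3333333333, 1104)
)

if __name__ == "__main__":
    print(sid_to_string(SAMPLE_SID))
    print(rid_for_domain(SAMPLE_SID, DOMAIN_SID))
```

An account whose SID prefix differs from the configured domain SID fails the check, which is a useful thing to rule out when a lookup returns a user but no usable UID.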
4.1.1.2 Testing connection to LDAP database
Refer to the sectionInformation>>>CLI>>>ldap-testto get help on the CLI command.
To test connection to the LDAP database:
1. Connect to the CLI.
2. Launch ldap-test --checkusername command.
3. In case of error, use the verbose option of the command to investigate the reason.
4.1.1.3 Map remote users to profile
This step is mandatory and configures the Network module to give permissions to the LDAP users.
Users not belonging to a group mapped on a profile will be rejected.
