Chapter 4 System Configuration
© 2017 Harmonic Inc. All rights reserved. 130 Harmonic MediaGrid Release 4.1
Joining a Harmonic MediaGrid Cluster to a Lightweight Directory Access Protocol (LDAP) Domain
It is not recommended that you switch between ADS and LDAP once an authentication method is
chosen. Doing so requires resetting all Access Control Lists (ACLs), as the Security Identifiers
(SIDs) differ between the two methods. Refer to Choosing the Best Authentication Method for
information about authentication using Active Directory Services.
For information on joining a ContentBridge 1000B or High Bandwidth ContentBridge to an LDAP
domain, refer to one of the following:
Joining a High Bandwidth ContentBridge to an LDAP Domain
Joining a ContentBridge 1000B to an LDAP Domain
IMPORTANT: You must be familiar with setting up LDAP clients to complete these steps.
Editing the LDAP Configuration File
A configuration file on the ContentDirectors can be edited to set up LDAP
authentication. Complete the steps below to set up LDAP.
NOTE: You may also use the preferred Linux LDAP client configuration method prescribed by your Linux
system administrator to set up LDAP.
To edit the file:
1. Open the /etc/ldap.conf file on both the primary and secondary ContentDirectors and edit
the following lines:
a. Specify the LDAP server by changing “host 127.0.0.1” to the Fully Qualified Domain
Name (FQDN) of the customer LDAP server, for example:
ahost.example.com
Another way to specify the LDAP server is to provide a Uniform Resource Identifier (URI) with
the server name. For example:
uri ldap://example-ldap/
b. Change the entry “base dc=example,dc=com” to the distinguished name of the search
base, which is the name that uniquely identifies an entry in the directory.
c. Edit the line “pam_password md5” to add the password encryption function crypt.
For Windows, edit as follows: pam_password crypt
For Apple Open Directory, edit as follows: pam_password exop
2. Save and close the /etc/ldap.conf file.
3. Open the /omneon/config/mdscore-local file on both the primary and secondary
ContentDirectors and add the following line to the file to set the authentication method:
auth_method = pam
4. Create a symbolic link between the two LDAP configuration files as follows:
mv /etc/openldap/ldap.conf /etc/openldap/ldap.conf.old
ln -s /etc/ldap.conf /etc/openldap/ldap.conf
5. Type the following to test the configuration:
id admin
where “admin” is a user who exists only in LDAP and not in the local /etc/passwd file.
You should see the following if the configuration is set up properly:
uid=5001(admin) gid=5001(admin) groups=5001(admin)
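The script below is an added example, not part of the Harmonic documentation: it checks that the edits from steps 1 through 5 were actually made on a ContentDirector, and that the test user is absent from the local passwd file so that "id" really exercises LDAP. The function names and the --verify argument are assumptions made for this example; the file paths and values are the ones given in the steps above.

```shell
#!/bin/sh
# Added example: checks for steps 1-5. Paths are arguments so copies can be checked.

check_ldap_conf() {   # steps 1a-1c: the shipped defaults must be gone
    conf=$1; conf_rc=0
    if ! grep -Eq '^[[:space:]]*(host|uri)[[:space:]]+[^[:space:]]' "$conf"; then
        echo "FAIL: no host or uri line in $conf"; conf_rc=1
    elif grep -Eq '^[[:space:]]*host[[:space:]]+127\.0\.0\.1([[:space:]]|$)' "$conf"; then
        echo "FAIL: host is still 127.0.0.1 in $conf"; conf_rc=1
    fi
    if ! grep -Eq '^[[:space:]]*base[[:space:]]+[^[:space:]]' "$conf"; then
        echo "FAIL: no base line in $conf"; conf_rc=1
    elif grep -Eq '^[[:space:]]*base[[:space:]]+dc=example,dc=com[[:space:]]*$' "$conf"; then
        echo "FAIL: base is still dc=example,dc=com in $conf"; conf_rc=1
    fi
    pw=$(awk '$1 == "pam_password" { v = $2 } END { print v }' "$conf")
    case $pw in
        crypt|exop) ;;
        *) echo "FAIL: pam_password is '${pw:-unset}', expected crypt or exop"; conf_rc=1 ;;
    esac
    return $conf_rc
}

check_auth_method() { # step 3: auth_method = pam in mdscore-local
    grep -Eq '^[[:space:]]*auth_method[[:space:]]*=[[:space:]]*pam[[:space:]]*$' "$1" ||
        { echo "FAIL: auth_method = pam not set in $1"; return 1; }
}

check_symlink() {     # step 4: $1 must be a symlink pointing at $2
    [ -L "$1" ] && [ "$(readlink "$1")" = "$2" ] ||
        { echo "FAIL: $1 is not a symlink to $2"; return 1; }
}

check_ldap_only() {   # step 5: user $1 must not be in local passwd file $2
    if grep -q "^$1:" "$2"; then
        echo "FAIL: $1 is in $2, so 'id $1' does not exercise LDAP"; return 1
    fi
}

verify_all() {        # run on each ContentDirector; $1 = LDAP-only user
    rc=0
    check_ldap_conf /etc/ldap.conf || rc=1
    check_auth_method /omneon/config/mdscore-local || rc=1
    check_symlink /etc/openldap/ldap.conf /etc/ldap.conf || rc=1
    check_ldap_only "$1" /etc/passwd && id "$1" || rc=1
    return $rc
}

if [ "${1:-}" = "--verify" ]; then verify_all "${2:-admin}"; fi
```

Run it with --verify and the LDAP-only user name on both the primary and secondary ContentDirectors; any FAIL line names the step to revisit.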