LDAP advanced settings
You can configure LDAP security settings and specify the LDAP attributes that contain user information.

OneFS is RFC 2307-compliant.
- Name attribute: Specifies the LDAP attribute that contains UIDs, which are used as login names. The default value is uid.
- Common name attribute: Specifies the LDAP attribute that contains common names (CNs). The default value is cn.
- Email attribute: Specifies the LDAP attribute that contains email addresses. The default value is mail.
- GECOS field attribute: Specifies the LDAP attribute that contains GECOS fields. The default value is gecos.
- UID attribute: Specifies the LDAP attribute that contains UID numbers. The default value is uidNumber.
- GID attribute: Specifies the LDAP attribute that contains GIDs. The default value is gidNumber.
- Home directory attribute: Specifies the LDAP attribute that contains home directories. The default value is homeDirectory.
- UNIX shell attribute: Specifies the LDAP attribute that contains UNIX login shells. The default value is loginShell.
- Member of attribute: Sets the attribute to be used when searching LDAP for reverse memberships. This LDAP value should be an attribute of the user type posixAccount that describes the groups in which the POSIX user is a member. This setting has no default value.
- Netgroup members attribute: Specifies the LDAP attribute that contains netgroup members. The default value is memberNisNetgroup.
- Netgroup triple attribute: Specifies the LDAP attribute that contains netgroup triples. The default value is nisNetgroupTriple.
- Group members attribute: Specifies the LDAP attribute that contains group members. The default value is memberUid.
- Unique group members attribute: Specifies the LDAP attribute that contains unique group members. This attribute is used to determine which groups a user belongs to if the LDAP server is queried by the user’s DN instead of the user’s name. This setting has no default value.
- Alternate security identities attribute: Specifies the name to be used when searching for alternate security identities. This name is used when OneFS tries to resolve a Kerberos principal to a user. This setting has no default value.
- UNIX password attribute: Specifies the LDAP attribute that contains UNIX passwords. This setting has no default value.
- Windows password attribute: Specifies the LDAP attribute that contains Windows passwords. A commonly used value is ntpasswdhash.
- Certificate authority file: Specifies the full path to the root certificates file.
- Require secure connection for passwords: Specifies whether to require a Transport Layer Security (TLS) connection.
- Ignore TLS errors: Specifies whether to continue over a secure connection even if identity checks fail.
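
The last three settings interact with the two password attributes, so they are worth reviewing together. The following check is an added example, not OneFS code: it assumes a provider's settings have been exported into a dictionary keyed by the setting names on this page, and the sample values and file paths are constructed.

```python
from pathlib import PurePosixPath

# Settings that cause password material to be read from the directory.
PASSWORD_ATTRS = ("UNIX password attribute", "Windows password attribute")

def audit_ldap_settings(cfg):
    """Return (severity, message) findings for one LDAP provider configuration."""
    findings = []
    require_tls = bool(cfg.get("Require secure connection for passwords"))
    ignore_errors = bool(cfg.get("Ignore TLS errors"))
    ca_file = (cfg.get("Certificate authority file") or "").strip()
    pw_attrs = [k for k in PASSWORD_ATTRS if (cfg.get(k) or "").strip()]

    if ignore_errors:
        # Failed identity checks are tolerated, so the server is not authenticated.
        findings.append(("high", "Ignore TLS errors is enabled"))
    if pw_attrs and not require_tls:
        findings.append(("high", "password attributes mapped without a required "
                                 "secure connection: " + ", ".join(pw_attrs)))
    elif not require_tls:
        findings.append(("medium", "secure connection is not required"))
    if require_tls and not ca_file:
        findings.append(("info", "no Certificate authority file set; confirm "
                                 "which roots validate the LDAP server"))
    if ca_file and not PurePosixPath(ca_file).is_absolute():
        findings.append(("low", "Certificate authority file is not a full path"))
    return findings

# Constructed sample configurations: a weak one beside a corrected one.
WEAK = {
    "Windows password attribute": "ntpasswdhash",
    "Require secure connection for passwords": False,
    "Ignore TLS errors": True,
    "Certificate authority file": "certs/ca.pem",
}
HARDENED = {
    "Windows password attribute": "ntpasswdhash",
    "Require secure connection for passwords": True,
    "Ignore TLS errors": False,
    "Certificate authority file": "/path/to/ca-bundle.pem",
}

if __name__ == "__main__":
    for name, cfg in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit_ldap_settings(cfg) or "no findings")
```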