LDAP advanced settings

You can configure LDAP security settings and specify the LDAP attributes that contain user information.

Note: OneFS is RFC 2307-compliant.

Name attribute
Specifies the LDAP attribute that contains UIDs, which are used as login names. The default value is uid.
Common name attribute
Specifies the LDAP attribute that contains common names (CNs). The default value is cn.
Email attribute
Specifies the LDAP attribute that contains email addresses. The default value is mail.
GECOS field attribute
Specifies the LDAP attribute that contains GECOS fields. The default value is gecos.
UID attribute
Specifies the LDAP attribute that contains UID numbers. The default value is uidNumber.
GID attribute
Specifies the LDAP attribute that contains GIDs. The default value is gidNumber.
Home directory attribute
Specifies the LDAP attribute that contains home directories. The default value is homeDirectory.
UNIX shell attribute
Specifies the LDAP attribute that contains UNIX login shells. The default value is loginShell.
Member of attribute
Sets the attribute to be used when searching LDAP for reverse memberships. This LDAP value should be an attribute of the user type posixAccount that describes the groups in which the POSIX user is a member. This setting has no default value.
Netgroup members attribute
Specifies the LDAP attribute that contains netgroup members. The default value is memberNisNetgroup.
Netgroup triple attribute
Specifies the LDAP attribute that contains netgroup triples. The default value is nisNetgroupTriple.
Group members attribute
Specifies the LDAP attribute that contains group members. The default value is memberUid.
Unique group members attribute
Specifies the LDAP attribute that contains unique group members. This attribute is used to determine which groups a user belongs to if the LDAP server is queried by the user’s DN instead of the user’s name. This setting has no default value.
Alternate security identities attribute
Specifies the name to be used when searching for alternate security identities. This name is used when OneFS tries to resolve a Kerberos principal to a user. This setting has no default value.
UNIX password attribute
Specifies the LDAP attribute that contains UNIX passwords. This setting has no default value.
Windows password attribute
Specifies the LDAP attribute that contains Windows passwords. A commonly used value is ntpasswdhash.
Certificate authority file
Specifies the full path to the root certificates file.
Require secure connection for passwords
Specifies whether to require a Transport Layer Security (TLS) connection.
Ignore TLS errors
Specifies whether to continue over a secure connection even if identity checks fail.
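The following added example (not OneFS code or output) reviews the three TLS-related settings together with the two password attributes and reports combinations that weaken the connection. The dictionary keys are this page's setting labels used as an assumed representation, and the sample values, including the file paths and `userPassword`, are constructed.

```python
import posixpath

PASSWORD_ATTRS = ("UNIX password attribute", "Windows password attribute")

# Constructed sample values; keys are this page's setting labels (an assumption,
# not a OneFS export format).
WEAK = {
    "Require secure connection for passwords": False,
    "Ignore TLS errors": True,
    "Certificate authority file": "certs/ldap-root.pem",
    "UNIX password attribute": "userPassword",
    "Windows password attribute": "ntpasswdhash",
}
HARDENED = {
    **WEAK,
    "Require secure connection for passwords": True,
    "Ignore TLS errors": False,
    "Certificate authority file": "/etc/ssl/ldap-root.pem",
}


def audit_ldap_settings(settings):
    """Return (severity, message) findings for the TLS-related settings."""
    findings = []
    require_tls = bool(settings.get("Require secure connection for passwords"))
    ca_file = (settings.get("Certificate authority file") or "").strip()
    pw_attrs = [k for k in PASSWORD_ATTRS if (settings.get(k) or "").strip()]

    if settings.get("Ignore TLS errors"):
        findings.append(("high", "Ignore TLS errors is on: the session continues "
                         "even when the server's identity checks fail"))
    if not require_tls:
        # Worse when password attributes are mapped: their values can be
        # returned over a connection that is not protected by TLS.
        sev = "high" if pw_attrs else "medium"
        findings.append((sev, "TLS is not required; password attributes mapped: "
                         + (", ".join(pw_attrs) or "none")))
    if not ca_file:
        if require_tls:
            findings.append(("medium", "TLS is required but no root certificates "
                             "file is set; confirm how the server is validated"))
    elif not posixpath.isabs(ca_file):
        findings.append(("low", "Certificate authority file is not a full path: "
                         + ca_file))
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_ldap_settings(cfg) or "no findings")
```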