Configure an LDAP provider

By default, when you configure an LDAP provider, it is automatically added to the System access zone.

Procedure

  1. Click Access > Authentication Providers > LDAP.
  2. Click Add an LDAP Provider.
  3. In the LDAP provider name field, type a name for the provider.
  4. In the Server URIs field, type one or more valid LDAP server URIs, one per line, in the format ldaps://<server>:<port> (secure LDAP) or ldap://<server>:<port> (non-secure LDAP). An LDAP server URI can be specified as an IPv4 address, IPv6 address, or hostname.
    Note:

    • If you do not specify a port, the default port is used. The default port for non-secure LDAP (ldap://) is 389; for secure LDAP (ldaps://), it is 636. If you specify non-secure LDAP, the bind password is transmitted to the server in cleartext.
    • If you specify an IPv6 address, the address must be enclosed in square brackets. For example, ldap://[2001:DB8:170:7cff::c001] is the correct IPv6 format for this field.

  5. Select the Connect to a random server on each request checkbox to connect to an LDAP server at random. If unselected, OneFS connects to an LDAP server in the order listed in the Server URIs field.
  6. In the Base distinguished name (DN) field, type the distinguished name (DN) of the entry at which to start LDAP searches.
    Base DNs can include cn (Common Name), l (Locality), dc (Domain Component), ou (Organizational Unit), or other components. For example, dc=emc,dc=com is a base DN for emc.com.
  7. From the Groupnet list, select the groupnet that the authentication provider will reference.
  8. In the Bind DN field, type the distinguished name of the entry at which to bind to the LDAP server.
  9. In the Bind DN password field, specify the password to use when binding to the LDAP server.
    Use of this password does not require a secure connection; if the connection is not using Transport Layer Security (TLS), the password is sent in cleartext.
  10. Optional: Update the settings in the following sections of the Add an LDAP provider form to meet the needs of your environment:
    • Default Query Settings: Modify the default settings for user, group, and netgroup queries.
    • User Query Settings: Modify the settings for user queries and home directory provisioning.
    • Group Query Settings: Modify the settings for group queries.
    • Netgroup Query Settings: Modify the settings for netgroup queries.
    • Advanced LDAP Settings: Modify the default LDAP attributes that contain user information, or modify LDAP security settings.
  11. Click Add LDAP Provider.
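
Before pasting a list into the Server URIs field, it can be checked against the step 4 rules to see which entries would send the bind password in cleartext. The following Python script is an added example, not part of OneFS or its documentation; the function name and the sample hosts are constructed for illustration.

```python
import ipaddress
from urllib.parse import urlsplit

# Default ports as stated in the note under step 4.
DEFAULT_PORTS = {"ldap": 389, "ldaps": 636}

# Constructed sample of a Server URIs field (hosts are placeholders).
SAMPLE = """\
ldaps://ldap1.example.com
ldap://192.0.2.10:3389
ldap://[2001:DB8:170:7cff::c001]
ldap://2001:DB8:170:7cff::c001
https://ldap1.example.com
"""


def check_server_uris(field_text):
    """Return one dict per URI line: effective host/port, whether the bind
    password would be sent in cleartext, and any format error."""
    results = []
    for uri in filter(None, (ln.strip() for ln in field_text.splitlines())):
        entry = {"uri": uri, "host": None, "port": None,
                 "cleartext_bind": None, "error": None}
        results.append(entry)
        try:
            parts = urlsplit(uri)
            if parts.scheme not in DEFAULT_PORTS:
                raise ValueError("scheme must be ldap:// or ldaps://")
            if "[" not in parts.netloc and parts.netloc.count(":") > 1:
                raise ValueError("IPv6 address must be enclosed in square brackets")
            if not parts.hostname:
                raise ValueError("missing server")
            if "[" in parts.netloc:
                ipaddress.IPv6Address(parts.hostname)  # reject junk inside [ ]
            port = parts.port  # ValueError if non-numeric or out of range
        except ValueError as exc:
            entry["error"] = str(exc)
            continue
        entry["host"] = parts.hostname
        entry["port"] = port if port is not None else DEFAULT_PORTS[parts.scheme]
        entry["cleartext_bind"] = parts.scheme == "ldap"  # ldap:// = non-secure
    return results


if __name__ == "__main__":
    for r in check_server_uris(SAMPLE):
        print(r)
```

Any entry reported with cleartext_bind set to True is a candidate for replacement with an ldaps:// URI before the provider is added.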