Configuring an LDAP server using the CLI

Content Software for File CLI Reference

Version
4.2.x
Part Number
MK-HCSF001-03

Command

weka user ldap setup

weka user ldap setup-ad

Use one of two CLI commands to configure an LDAP user directory for user authentication: weka user ldap setup for a general LDAP server, or weka user ldap setup-ad for an Active Directory server.

To configure an LDAP server, use the following command line:

weka user ldap setup <server-uri> <base-dn> <user-object-class> <user-id-attribute> <group-object-class> <group-membership-attribute> <group-id-attribute> <reader-username> <reader-password> <cluster-admin-group> <org-admin-group> <regular-group> <readonly-group> [--start-tls start-tls] [--ignore-start-tls-failure ignore-start-tls-failure] [--server-timeout-secs server-timeout-secs] [--protocol-version protocol-version] [--user-revocation-attribute user-revocation-attribute]

To configure an Active Directory server, use the following command line:

weka user ldap setup-ad <server-uri> <domain> <reader-username> <reader-password> <cluster-admin-group> <org-admin-group> <regular-group> <readonly-group> [--start-tls start-tls] [--ignore-start-tls-failure ignore-start-tls-failure] [--server-timeout-secs server-timeout-secs] [--user-revocation-attribute user-revocation-attribute]

Parameters

| Name | Type | Value | Limitations | Mandatory | Default |
|---|---|---|---|---|---|
| server-uri | String | Either the LDAP server host name/IP or a URI | URI must be in format ldap://hostname:port or ldaps://hostname:port | Yes | |
| base-dn | String | Base DN under which users are stored | Must be valid name | Yes | |
| user-id-attribute | String | Attribute storing user IDs | Must be valid name | Yes | |
| user-object-class | String | Object class of users | Must be valid name | Yes | |
| group-object-class | String | Object class of groups | Must be valid name | Yes | |
| group-membership-attribute | String | Attribute of group containing the DN of a user membership in the group | Must be valid name | Yes | |
| group-id-attribute | String | Attribute storing the group name | Name has to match names used in the <admin-group>, <regular group> and <readonly group> | Yes | |
| reader-username and reader-password | String | Credentials of a user with read access to the directory | Password is kept in the Content Software for File cluster configuration in plain text, as it is used to authenticate against the directory during user authentication | Yes | |
| cluster-admin-group | String | Name of group containing users defined with cluster admin role | Must be valid name | Yes | |
| org-admin-group | String | Name of group containing users defined with organization admin role | Must be valid name | Yes | |
| regular-group | String | Name of group containing users defined with regular privileges | Must be valid name | Yes | |
| readonly-group | String | Name of group containing users defined with read only privileges | Must be valid name | Yes | |
| server-timeout-secs | Number | Server connection timeout | Seconds | No | |
| protocol-version | String | Selection of LDAP version | LDAP v2 or v3 | No | LDAP v3 |
| user-revocation-attribute | String | The LDAP attribute; when its value changes in the LDAP directory, user access and mount tokens are revoked | User must re-login after a change is detected | No | |
| start-tls | String | Issue StartTLS after connecting | yes or no | No | No |
| ignore-start-tls-failure | String | Ignore start TLS failure | yes or no | No | No |
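
The server-uri, start-tls and ignore-start-tls-failure values decide whether the reader bind to the directory is encrypted, and start-tls defaults to No. The pre-flight check below is an added example, not part of the vendor CLI or its documentation; the function name lint_ldap_transport, the host ldap.example.internal, and the choice to treat a scheme-less server-uri as unencrypted are assumptions.

```shell
#!/bin/sh
# Added example (not vendor code): lint the transport-related arguments
# planned for `weka user ldap setup` / `setup-ad` before running them.
# Usage: lint_ldap_transport <server-uri> [start-tls] [ignore-start-tls-failure]
# Returns 0 = TLS enforced, 1 = TLS not guaranteed, 2 = malformed server-uri.
lint_ldap_transport() {
    _uri=$1; _tls=${2:-no}; _ignore=${3:-no}   # defaults per the table: No / No
    case $_uri in
        ldap://*|ldaps://*)
            _scheme=${_uri%%://*}
            _hostport=${_uri#*://}
            _port=${_hostport##*:}
            case $_hostport in
                *:*) ;;
                *) echo "ERROR: URI needs an explicit port: $_uri"; return 2 ;;
            esac
            case $_port in
                ''|*[!0-9]*) echo "ERROR: port is not numeric: $_uri"; return 2 ;;
            esac ;;
        *://*) echo "ERROR: scheme must be ldap:// or ldaps://: $_uri"; return 2 ;;
        *)  _scheme=none ;;   # bare host name/IP is allowed by the table
    esac
    if [ "$_scheme" = ldaps ]; then
        echo "OK: ldaps:// URI, TLS is negotiated before any LDAP traffic"
        return 0
    fi
    # Assumption: a bare host is treated like ldap:// here, because the page
    # does not say which transport a scheme-less server-uri uses.
    if [ "$_tls" != yes ]; then
        echo "WEAK: no ldaps:// and --start-tls is not yes; session is not TLS-protected"
        return 1
    fi
    if [ "$_ignore" = yes ]; then
        echo "WEAK: --ignore-start-tls-failure yes; a failed StartTLS is ignored, TLS not guaranteed"
        return 1
    fi
    echo "OK: StartTLS requested and failures are not ignored"
    return 0
}

# Constructed sample plans: server-uri, start-tls, ignore-start-tls-failure.
for plan in "ldaps://ldap.example.internal:636 no no" \
            "ldap://ldap.example.internal:389 no no" \
            "ldap://ldap.example.internal:389 yes yes" \
            "ldap://ldap.example.internal:389 yes no"; do
    set -- $plan
    printf '%-45s ' "$plan"
    lint_ldap_transport "$1" "$2" "$3" || true
done
```

Because reader-password is stored in plain text in the cluster configuration, the account passed as reader-username should hold read-only directory access and nothing more.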