Command
weka user ldap setup
weka user ldap setup-ad
Two CLI commands configure an LDAP user directory for user authentication: weka user ldap setup for a general LDAP server, and weka user ldap setup-ad for an Active Directory server.
To configure an LDAP server, use the following command line:
weka user ldap setup <server-uri> <base-dn> <user-object-class> <user-id-attribute> <group-object-class> <group-membership-attribute> <group-id-attribute> <reader-username> <reader-password> <cluster-admin-group> <org-admin-group> <regular-group> <readonly-group> [--start-tls start-tls] [--ignore-start-tls-failure ignore-start-tls-failure] [--server-timeout-secs server-timeout-secs] [--protocol-version protocol-version] [--user-revocation-attribute user-revocation-attribute]
To configure an Active Directory server, use the following command line:
weka user ldap setup-ad <server-uri> <domain> <reader-username> <reader-password> <cluster-admin-group> <org-admin-group> <regular-group> <readonly-group> [--start-tls start-tls] [--ignore-start-tls-failure ignore-start-tls-failure] [--server-timeout-secs server-timeout-secs] [--user-revocation-attribute user-revocation-attribute]
Parameters
Name | Type | Value | Limitations | Mandatory | Default |
---|---|---|---|---|---|
server-uri | String | Either the LDAP server host name/IP or a URI | URI must be in format ldap://hostname:port or ldaps://hostname:port | Yes | |
base-dn | String | Base DN under which users are stored | Must be valid name | Yes | |
user-object-class | String | Object class of users | Must be valid name | Yes | |
user-id-attribute | String | Attribute storing user IDs | Must be valid name | Yes | |
group-object-class | String | Object class of groups | Must be valid name | Yes | |
group-membership-attribute | String | Attribute of group containing the DN of a user membership in the group | Must be valid name | Yes | |
group-id-attribute | String | Attribute storing the group name | Its values must match the names given for <cluster-admin-group>, <org-admin-group>, <regular-group> and <readonly-group> | Yes | |
reader-username and reader-password | String | Credentials of a user with read access to the directory | The password is kept in the Content Software for File cluster configuration in plain text, because it is used to bind to the directory on every user authentication. Use a dedicated service account with read access only to the user and group entries; anyone who can read the cluster configuration learns this password | Yes | |
cluster-admin-group | String | Name of group containing users defined with cluster admin role | Must be valid name | Yes | |
org-admin-group | String | Name of group containing users defined with organization admin role | Must be valid name | Yes | |
regular-group | String | Name of group containing users defined with regular privileges | Must be valid name | Yes | |
readonly-group | String | Name of group containing users defined with read only privileges | Must be valid name | Yes | |
server-timeout-secs | Number | Server connection timeout | Seconds | No | |
protocol-version | String | Selection of LDAP version | LDAP v2 or v3 | No | LDAP v3 |
user-revocation-attribute | String | The LDAP attribute; when its value changes in the LDAP directory, user access and mount tokens are revoked | User must re-login after a change is detected | No | |
start-tls | String | Issue StartTLS after connecting | yes or no. Applies to ldap:// URIs only; an ldaps:// URI is encrypted from the first byte and needs no StartTLS | No | no |
ignore-start-tls-failure | String | Continue if StartTLS cannot be negotiated | yes or no. With yes, a failed StartTLS leaves the connection unencrypted, so the reader bind and every user password sent for authentication travel in plain text; keep no unless that risk is accepted | No | no |
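The following script is an added example and is not part of the Weka documentation or product. It shows the pre-flight checks a practitioner would run before handing the reader credentials to the cluster, then invokes weka user ldap setup with the positional arguments in the documented order. The host names, DNs, group names, password file path and the OpenLDAP schema choices (inetOrgPerson, uid, groupOfNames, member, cn) are assumptions chosen for the example; ldapwhoami and ldapsearch are the standard OpenLDAP client tools and are not Weka commands.

```shell
#!/bin/sh
# Added example, not from the Weka documentation. Every host name, DN, group
# name and path below is an assumption chosen for illustration.

# Inputs (constructed for the example). The reader password is read from a
# mode-0600 file so it does not appear in the process list during the checks.
LDAP_URI="${LDAP_URI:-ldap://ldap.example.com:389}"
BASE_DN="${BASE_DN:-dc=example,dc=com}"
READER_DN="${READER_DN:-cn=weka-reader,ou=services,dc=example,dc=com}"
READER_PW_FILE="${READER_PW_FILE:-/etc/weka/ldap-reader.pw}"
START_TLS="${START_TLS:-yes}"
IGNORE_TLS_FAIL="${IGNORE_TLS_FAIL:-no}"
ADMIN_GROUP="${ADMIN_GROUP:-weka-cluster-admins}"
ORG_ADMIN_GROUP="${ORG_ADMIN_GROUP:-weka-org-admins}"
REGULAR_GROUP="${REGULAR_GROUP:-weka-users}"
READONLY_GROUP="${READONLY_GROUP:-weka-readonly}"

# check_uri: the CLI accepts only ldap://hostname:port or ldaps://hostname:port.
# Returns 0 when the URI has that shape, 1 otherwise.
check_uri() {
  printf '%s\n' "$1" | grep -Eq '^ldaps?://[^/:]+:[0-9]+$'
}

# tls_mode: classify how the bind credentials will travel, given the URI
# scheme and the --start-tls / --ignore-start-tls-failure values.
#   ldaps     - TLS from the first byte
#   starttls  - StartTLS required; the bind fails if it cannot be negotiated
#   downgrade - StartTLS attempted, but a failure is ignored and the reader
#               bind and every user login then go over plain text
#   plaintext - no TLS at all
tls_mode() {
  uri=$1; starttls=$2; ignore=$3
  case "$uri" in
    ldaps://*) echo ldaps ;;
    ldap://*)
      if [ "$starttls" = yes ] && [ "$ignore" = no ]; then echo starttls
      elif [ "$starttls" = yes ]; then echo downgrade
      else echo plaintext
      fi ;;
    *) echo invalid; return 1 ;;
  esac
}

# preflight: prove that the reader bind works and that each role group
# resolves, using the OpenLDAP client tools, before the password is stored in
# the cluster. -ZZ makes the tools fail unless StartTLS succeeds (ldap:// only).
preflight() {
  z=""
  case "$LDAP_URI" in ldap://*) z="-ZZ" ;; esac
  ldapwhoami -x $z -H "$LDAP_URI" -D "$READER_DN" -y "$READER_PW_FILE" || return 1
  for g in "$ADMIN_GROUP" "$ORG_ADMIN_GROUP" "$REGULAR_GROUP" "$READONLY_GROUP"; do
    # Group names containing ( ) * or \ would need LDAP filter escaping here.
    # An empty result means nobody would receive that role after setup.
    ldapsearch -x $z -LLL -H "$LDAP_URI" -D "$READER_DN" -y "$READER_PW_FILE" \
      -b "$BASE_DN" "(&(objectClass=groupOfNames)(cn=$g))" member || return 1
  done
}

# configure: arguments in the order documented for "weka user ldap setup".
# The password is a positional argument, so it is visible in shell history and
# in "ps" while the command runs; run this from a script, not interactively.
configure() {
  mode=$(tls_mode "$LDAP_URI" "$START_TLS" "$IGNORE_TLS_FAIL")
  case "$mode" in
    ldaps|starttls) ;;
    *) echo "refusing to send directory credentials over $mode transport" >&2; return 1 ;;
  esac
  weka user ldap setup "$LDAP_URI" "$BASE_DN" \
    inetOrgPerson uid groupOfNames member cn \
    "$READER_DN" "$(cat "$READER_PW_FILE")" \
    "$ADMIN_GROUP" "$ORG_ADMIN_GROUP" "$REGULAR_GROUP" "$READONLY_GROUP" \
    --start-tls "$START_TLS" --ignore-start-tls-failure "$IGNORE_TLS_FAIL"
}

# Run the checks and the configuration only when asked, so the functions can
# also be sourced for testing.
if [ "${1:-}" = apply ]; then
  check_uri "$LDAP_URI" || { echo "bad server-uri: $LDAP_URI" >&2; exit 1; }
  preflight && configure
fi
```

Run it as sh ldap-setup.sh apply after exporting the variables for the real directory. The configure function refuses to proceed unless the transport is ldaps or a non-ignorable StartTLS, which is the only combination of server-uri, start-tls and ignore-start-tls-failure that keeps the reader bind and user passwords off the wire in clear text. For setup-ad the same checks apply; replace the six schema arguments with the domain, as in the syntax line above.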