Conditions for LDAP search user account

Ops Center Automator Installation and Configuration Guide
Version
11.0.x
Audience
anonymous
Part Number
MK-99AUT000-24

Conditions for the LDAP search user account vary depending on the authentication method.

Prepare a user account that satisfies the following conditions on the LDAP directory server.

For LDAP authentication:

  • The user account can bind to the DN specified for auth.ldap.auth.server.name-property-value.basedn in the exauth.properties file

  • The user account can search the attributes for all entries after the DN specified for auth.ldap.auth.server.name-property-value.basedn in the exauth.properties file

  • The user account can reference the DN specified for auth.ldap.auth.server.name-property-value.basedn in the exauth.properties file

  • The user account can reference the authorization groups that are under the DN specified for auth.ldap.auth.server.name-property-value.basedn in the exauth.properties file (when an external authorization server is also linked to)

  • The user account can search the attributes of the authorization groups that are under the DN specified for auth.ldap.auth.server.name-property-value.basedn in the exauth.properties file and search the attributes of nested groups of the authorization groups (when an external authorization server is also linked to)

For RADIUS authentication:

  • The user account can bind to the DN specified for auth.group.domain-name.basedn in the exauth.properties file

  • The user account can search the attributes for all entries after the DN specified for auth.group.domain-name.basedn in the exauth.properties file

  • The user account can reference the DN specified for auth.group.domain-name.basedn in the exauth.properties file

  • The user account can reference the authorization groups that are under the DN specified for auth.group.domain-name.basedn in the exauth.properties file.

  • The user account can search the attributes of the authorization groups that are under the DN specified for auth.group.domain-name.basedn in the exauth.properties file and search the attributes of nested groups of the authorization groups

For Kerberos authentication:

  • The user account can bind to the DN specified for auth.group.realm-name.basedn in the exauth.properties file

  • The user account can search the attributes for all entries after the DN specified for auth.group.realm-name.basedn in the exauth.properties file

  • The user account can reference the DN specified for auth.group.realm-name.basedn in the exauth.properties file

  • The user account can reference the authorization groups that are under the DN specified for auth.group.realm-name.basedn in the exauth.properties file

  • The user account can search the attributes of the authorization groups that are under the DN specified for auth.group.realm-name.basedn in the exauth.properties file and search the attributes of nested groups of the authorization groups