You can use an LDAP server for authentication on your storage system.
To use an LDAP server for authentication, create a configuration file in UTF-8 encoding. Include information about the authentication server as shown in the following example. Any file name and extension is allowed.
auth.server.type=ldap auth.server.name=<server_name> auth.group.mapping=<value> auth.ldap.<server_name>.<attribute>=<value>
A full example is shown here:
auth.server.type=ldap auth.server.name=PrimaryServer auth.group.mapping=true auth.ldap.PrimaryServer.protocol=ldaps auth.ldap.PrimaryServer.host=ldaphost.domain.local auth.ldap.PrimaryServer.port=636 auth.ldap.PrimaryServer.timeout=3 auth.ldap.PrimaryServer.attr=sAMAccountName auth.ldap.PrimaryServer.searchdn=CN=sample1,CN=Users,DC=domain,DC=local auth.ldap.PrimaryServer.searchpw=password auth.ldap.PrimaryServer.basedn=CN=Users,DC=domain,DC=local auth.ldap.PrimaryServer.retry.interval=1 auth.ldap.PrimaryServer.retry.times=3 auth.ldap.PrimaryServer.domain.name=EXAMPLE.COM
The LDAP attributes are defined in the following table.
Attribute | Description | Required / Optional | Default value |
---|---|---|---|
auth.server.type | Type of an authentication server. Specify ldap. | Required | None |
auth.server.name |
The name of an authentication server. When registering a primary and a secondary server, use a comma to separate the names. The name of the server, including the primary name, secondary name, and the comma (1 byte) must be 64 bytes or less. The names can use all ASCII code characters except for the following: \ / : , ; * ? " < > | $ % & ' ˜ In this manual, the value specified here is called <server_ name> hereafter. |
Required | None |
auth.group.mapping | Information about whether to work together with an authorization server:
|
Optional | False |
auth.ldap.<server_name>.protocol | LDAP protocol to use. Specify "ldaps" (Uses LDAP over SSL/TLS). Do not specify "starttls" (Uses StartTLS) |
Required | None |
auth.ldap.<server_name>.host |
A host name, an IPv4 address or an IPv6 address of the LDAP server. An IPv6 address must be enclosed in square brackets. To use StartTLS as a protocol, specify a host name. If this value is specified, auth.ldap.<server_name>.dns_lookup will be ignored |
Optional1 | None |
auth.ldap.<server_name>.port |
A port number of the LDAP server. Must be between 1 and 65,535.2 |
Optional | 389 |
auth.ldap.<server_name>.timeout |
The number of seconds before the connection to the LDAP server times out. It must be between 1 and 30.2 | Required | 10 |
auth.ldap.<server_name>.attr |
Attribute name to identify a user (such as a user ID).
sAMAccountName is used for Active Directory. |
Required | None |
auth.ldap.<server_name>.searchdn |
DN of the user for searching. If omitted, [value_of_attr]=[Login_ID],[value_ of _basedn] is used for bind authentication.3 |
Otional | None |
auth.ldap.<server_name>.searchpw |
User password that is used for searching. Specify the same password that is registered in the LDAP server. |
Required | None |
auth.ldap.<server_name>.basedn |
BaseDN for searching for users to authenticate.3
|
Required | None |
auth.ldap.<server_name>.retry.interval |
Retry interval in seconds when the connection to the LDAP server fails. Must be between 1 and 5.2 | Optional | 1 |
auth.ldap.<server_name>.retry.times |
Retry times when the connection to the LDAP server fails. Must be between 0 and 3. Zero means no retry.2 |
Optional | 3 |
auth.ldap.<server_name>.domain.name |
A domain name that the LDAP server manages. |
Required | None |
auth.ldap.<server_name>.dns_lookup |
Information about whether to search the LDAP server with the information registered in the SRV records in the DNS server. Specify "false" (Searches with the host name and port number). Do not specify "true" (Searches with the information registered in the SRV records in the DNS server). |
Optional | False |
Notes:
|