You can use an LDAP server for authentication on your storage system.
To use an LDAP server for authentication, create a configuration file in UTF-8 encoding. Include information about the authentication server as shown in the following example. Any file name and extension is allowed.
```
auth.server.type=ldap
auth.server.name=<server_name>
auth.group.mapping=<value>
auth.ldap.<server_name>.<attribute>=<value>
```
A full example is shown here:
```
auth.server.type=ldap
auth.server.name=PrimaryServer
auth.group.mapping=true
auth.ldap.PrimaryServer.protocol=ldaps
auth.ldap.PrimaryServer.host=ldaphost.domain.local
auth.ldap.PrimaryServer.port=636
auth.ldap.PrimaryServer.timeout=3
auth.ldap.PrimaryServer.attr=sAMAccountName
auth.ldap.PrimaryServer.searchdn=CN=sample1,CN=Users,DC=domain,DC=local
auth.ldap.PrimaryServer.searchpw=password
auth.ldap.PrimaryServer.basedn=CN=Users,DC=domain,DC=local
auth.ldap.PrimaryServer.retry.interval=1
auth.ldap.PrimaryServer.retry.times=3
auth.ldap.PrimaryServer.domain.name=EXAMPLE.COM
```
The LDAP attributes are defined in the following table.
Attribute | Description | Required / Optional | Default value |
---|---|---|---|
auth.server.type | Type of authentication server. Specify ldap. | Required | None |
auth.server.name | Name of the authentication server (referred to as <server_name>). When registering a primary and a secondary server, use a comma to separate the names. The name of the server, including the primary name, secondary name, and the comma (1 byte), must be 64 bytes or less. The name can use all ASCII characters except for the following: \ / : , ; * ? " < > \| $ % & ' ~ | Required | None |
auth.group.mapping | Information about whether to work together with an authorization server. | Optional | False |
auth.ldap.<server_name>.protocol | LDAP protocol to use. Specify ldaps (uses LDAP over SSL/TLS). Do not specify starttls (uses StartTLS). | Required | None |
auth.ldap.<server_name>.host | Host name, IPv4 address or IPv6 address of the LDAP server. An IPv6 address must be enclosed in square brackets. To use StartTLS as a protocol, specify a host name. If this value is specified, auth.ldap.<server_name>.dns_lookup is ignored. | Optional¹ | None |
auth.ldap.<server_name>.port | Port number of the LDAP server. Must be between 1 and 65,535.² | Optional | 389 |
auth.ldap.<server_name>.timeout | Number of seconds before the connection to the LDAP server times out. Must be between 1 and 30.² | Required | 10 |
auth.ldap.<server_name>.attr | Attribute name that identifies a user (such as a user ID). sAMAccountName is used for Active Directory. | Required | None |
auth.ldap.<server_name>.searchdn | DN of the user used for searching. If omitted, [value_of_attr]=[Login_ID],[value_of_basedn] is used for bind authentication.³ | Optional | None |
auth.ldap.<server_name>.searchpw | Password of the user used for searching. Specify the same password that is registered in the LDAP server. | Required | None |
auth.ldap.<server_name>.basedn | BaseDN for searching for users to authenticate.³ | Required | None |
auth.ldap.<server_name>.retry.interval | Retry interval in seconds when the connection to the LDAP server fails. Must be between 1 and 5.² | Optional | 1 |
auth.ldap.<server_name>.retry.times | Number of retries when the connection to the LDAP server fails. Must be between 0 and 3. Zero means no retry.² | Optional | 3 |
auth.ldap.<server_name>.domain.name | Domain name that the LDAP server manages. | Required | None |
auth.ldap.<server_name>.dns_lookup | Whether to look up the LDAP server using the SRV records registered in the DNS server. Specify false (searches with the host name and port number). Do not specify true (searches with the information registered in the SRV records in the DNS server). | Optional | False |
Notes:
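The following is an added example for this page, not software shipped with the storage system: a small Python validator that parses a file in the format shown above and checks it against the rules in the attribute table (ldaps only, dns_lookup false, value ranges, server-name limits, required keys). The rule set and the sample input are constructed from the table and the full example; the key names are the page's own.

```python
# Added illustration for this page, not the storage system's own tooling: checks a
# configuration file against the rules in the attribute table (ldaps only, value ranges).
INT_RANGES = {"port": (1, 65535), "timeout": (1, 30),
              "retry.interval": (1, 5), "retry.times": (0, 3)}
REQUIRED_PER_SERVER = ("protocol", "timeout", "attr", "searchpw", "basedn", "domain.name")
FORBIDDEN_NAME_CHARS = set('\\/:,;*?"<>|$%&\'~')

def parse_config(text):
    """Parse key=value lines; blank lines and '#' comments are skipped."""
    cfg = {}
    for line in (l.strip() for l in text.splitlines()):
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")  # values (DNs) may contain '=' themselves
        if not sep:
            raise ValueError(f"malformed line: {line!r}")
        cfg[key.strip()] = value.strip()
    return cfg

def validate(cfg):
    """Return rule violations as strings; an empty list means the file passes."""
    problems = []
    if cfg.get("auth.server.type") != "ldap":
        problems.append("auth.server.type must be ldap")
    names = cfg.get("auth.server.name", "")
    if len(names.encode("utf-8")) > 64:
        problems.append("auth.server.name exceeds 64 bytes (comma included)")
    for name in names.split(","):
        if not name or not name.isascii() or any(c in FORBIDDEN_NAME_CHARS for c in name):
            problems.append(f"invalid server name {name!r}")
            continue
        p = f"auth.ldap.{name}."
        problems += [f"{p}{a} is required" for a in REQUIRED_PER_SERVER if p + a not in cfg]
        # Only LDAP over SSL/TLS is supported; plain ldap would carry searchpw unencrypted.
        if cfg.get(p + "protocol", "ldaps") != "ldaps":
            problems.append(f"{p}protocol must be ldaps")
        if cfg.get(p + "dns_lookup", "false").lower() != "false":
            problems.append(f"{p}dns_lookup must be false")
        for attr, (lo, hi) in INT_RANGES.items():
            raw = cfg.get(p + attr)
            if raw is not None and not (raw.isdigit() and lo <= int(raw) <= hi):
                problems.append(f"{p}{attr} must be an integer between {lo} and {hi}")
    return problems

# Constructed sample with two mistakes (plain ldap, port out of range) and missing keys.
BAD_CONFIG = ("auth.server.type=ldap\nauth.server.name=PrimaryServer\n"
              "auth.ldap.PrimaryServer.protocol=ldap\nauth.ldap.PrimaryServer.port=70000\n")
```

Running `validate(parse_config(BAD_CONFIG))` reports the protocol, the port and the five missing required attributes; the full example from this page passes with no findings.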