Creating an LDAP configuration file

System Administrator Guide for VSP E990 and VSP G130, G/F350, G/F370, G/F700, G/F900

Part Number

You can use an LDAP server for authentication on your storage system.

To use an LDAP server for authentication, create a configuration file in UTF-8 encoding. Include information about the authentication server as shown in the following example. Any file name and extension is allowed.

If you save the configuration file when using the Windows standard Notepad application, specify ANSI for the letter code. If you use an editor other than the memo pad and have the YTF-8 BOM setting, specify No BOM and then save.

A full example is shown here:


The LDAP attributes are defined in the following table.

Attribute Description Required / Optional Default value
auth.server.type Type of authentication server. Specify ldap. Required None

Name of the authentication server (referred to as <server_ name>).

When registering a primary and a secondary server, use a comma to separate the names. The name of the server, including the primary name, secondary name, and the comma (1 byte) must be 64 bytes or less.

The name can use all ASCII code characters except for the following: \ / : , ; * ? " < > | $ % & ' ˜

Required None Information about whether to work together with an authorization server:
  • true: Works together.
  • false: Does not work together.
Optional False
auth.ldap.<server_name>.protocol LDAP protocol to use.

Specify ldaps (uses LDAP over SSL/TLS).

Do not specify starttls (uses StartTLS).

Required None

Host name, an IPv4 address or an IPv6 address of the LDAP server. An IPv6 address must be enclosed in square brackets. To use StartTLS as a protocol, specify a host name.

If this value is specified, auth.ldap.<server_name>.dns_lookup will be ignored.

Optional1 None


Port number of the LDAP server.

Must be between 1 and 65,535.2

Optional 389


Number of seconds before the connection to the LDAP server times out.

Must be between 1 and 30.2

Required 10


Attribute name to identify a user (such as a user ID).

  • Hierarchical model: An attribute name where the value that can identify a user is stored.
  • Flat model: An attribute name for a user entry's RDN.

sAMAccountName is used for Active Directory.

Required None


DN of the user for searching. If omitted, [value_of_attr]=[Login_ID],[value_ of _basedn] is used for bind authentication.3

Otional None


User password that is used for searching. Specify the same password that is registered in the LDAP server.

Required None


BaseDN for searching for users to authenticate.3

  • Hierarchical model: DN of hierarchy that includes all the targeted users for searching.
  • Flat model: DN of hierarchy that is one level up from the targeted user for searching.
Required None


Retry interval in seconds when the connection to the LDAP server fails.

Must be between 1 and 5.2

Optional 1


Retry times when the connection to the LDAP server fails.

Must be between 0 and 3. Zero means no retry.2

Optional 3


Domain name that the LDAP server manages.

Required None


Information about whether to search the LDAP server with the information registered in the SRV records in the DNS server.

Specify false (Searches with the host name and port number).

Do not specify true (Searches with the information registered in the SRV records in the DNS server).

Optional False
  1. This item can be omitted if true is specified for auth.ldap.<server_name>.dns_lookup.
  2. If the specified value is not valid, the default value is used.
  3. To use symbols such as + ; , < = and >, type a backslash (\) before each symbol. When using multiple symbols, each symbol must have a backslash before it. For example, to enter abc++ in the basedn or searchdn field, type abc\+\+.
    To enter \ , /, or ", type a backslash (\) followed by the ASCII code in hex for the character:
    • To enter a backslash (\), type \5c.
    • To enter a forward slash (/), type \2f.
    • To enter a quotation mark ("), type \22.