Using LDAP Authentication
- Open the lsa.conf file in the LSIStorageAuthority/conf directory.
- Enter a value for the ldap_mode field. If you set it to 0, LDAP authentication using the LSI Storage Authority software is disabled. If you set it to 1, LDAP authentication using the LSI Storage Authority software is enabled.
  Example:
  # LDAP Login
  ldap_mode = 1
- Enter the host name of the LDAP server in the ldap_server field. This value identifies the LDAP server that is used for user authentication.
  Example:
  # LDAP Server
  ldap_server = <IP Address of the LDAP server>
- (Optional) Enter the LDAP protocol version in the ldap_protocol_version field. This value defines the protocol used to create an LDAP session.
  Example:
  # LDAP Protocol version
  ldap_protocol_version = v3
  The default value is v3.
- Enter the LDAP authentication mode in the ldap_binding field. In LDAP, authentication is supplied through the Bind operation. LDAP supports three authentication modes:
  - Anonymous – When an LDAP session is created, that is, when an LDAP client connects to the server, the authentication state of the session is set to the anonymous mode.
  - BASIC (default) – The simplest form of client authentication is to bind to the server using a clear-text password. This mechanism has security problems because the password can be read from the network.
  - SECURE – A more secure method is to use a Simple Authentication and Security Layer (SASL) authentication mechanism, such as DIGEST-MD5 [4]. This method is based on an encryption known to both the client and the server, allowing for a simple challenge-response scheme. The SASL authentication mechanism is also capable of negotiating data encryption to protect subsequent operations.
  Example:
  # LDAP_BINDING
  ldap_binding = BASIC
- (Optional) Enter the LDAP server port number in the ldap_port_number field.
  Example:
  # LDAP Port Number = 636
  ldap_port_number = 389
- Enter the DN (distinguished name) details in the dn_details field. The format is as follows:
  Example:
  # LDAP_DN_DETAILS
  dn_details={"DN":[{"key":"DC","values":["ldapdomain"]},{"key":"DC","values":["com"]},{"key":"ou","values":["TEST"]}]}
  Where:
  - DC – This attribute contains the Domain Component type.
  - ou – This attribute contains the name of an organizational unit.
- (Optional) Enter the LDAP user access privilege details in the readOnly field. The values follow:
  - 1 (default) – Read-only access.
  - 0 – Full access.
- Restart the nginx service and the LSI Storage Authority Service for the changes to take effect.
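
The LDAP settings from the steps above can be checked before the services are restarted. The following is an added example, not part of the LSI Storage Authority software or its documentation. The names parse_conf and audit_ldap_settings, the severity labels, and the assumption that the file holds "key = value" lines with "#" comment lines (as in the examples above) are all hypothetical.

```python
import json

# Defaults as stated in the steps above; ldap_mode has no stated default.
DEFAULTS = {"ldap_protocol_version": "v3", "ldap_binding": "BASIC", "readOnly": "1"}
BINDINGS = {"ANONYMOUS", "BASIC", "SECURE"}

def parse_conf(text):
    """Parse 'key = value' lines; lines starting with '#' are comments (assumed syntax)."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            settings[key.strip()] = value.strip()
    return settings

def audit_ldap_settings(text):
    """Return (severity, message) findings for the LDAP settings in text."""
    cfg = {**DEFAULTS, **parse_conf(text)}
    if cfg.get("ldap_mode") != "1":
        return [("info", "ldap_mode is not 1: LDAP authentication is not enabled")]
    findings = []
    binding = cfg["ldap_binding"].upper()
    if binding not in BINDINGS:
        findings.append(("error", f"unknown ldap_binding {cfg['ldap_binding']!r}"))
    elif binding == "BASIC":
        findings.append(("high", "BASIC bind sends a clear-text password over the network"))
    elif binding == "ANONYMOUS":
        findings.append(("high", "Anonymous bind carries no credentials"))
    if cfg["readOnly"] == "0":
        findings.append(("medium", "readOnly = 0 gives LDAP users full access"))
    try:  # dn_details must be {"DN": [{"key": ..., "values": [...]}, ...]}
        rdns = json.loads(cfg.get("dn_details", ""))["DN"]
        if not rdns or not all(r["key"] and r["values"] for r in rdns):
            raise ValueError("empty DN component")
    except (ValueError, KeyError, TypeError):
        findings.append(("error", "dn_details is missing or malformed"))
    return findings

# Constructed sample, using the example values from the steps above.
SAMPLE = """\
ldap_mode = 1
ldap_binding = BASIC
dn_details={"DN":[{"key":"DC","values":["ldapdomain"]},{"key":"DC","values":["com"]},{"key":"ou","values":["TEST"]}]}
readOnly = 0
"""

if __name__ == "__main__":
    print(*audit_ldap_settings(SAMPLE), sep="\n")
```

Because BASIC and read-only access are the defaults, a file that sets only ldap_mode = 1 is still reported for the clear-text bind.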