There are several LDAP configuration settings in the cimom.properties file that must be set up during configuration.
Parameter name: | Sample values: | Description: |
---|---|---|
Port | example: 5989 | The port on which CIMOM will listen. Set this to 5989. |
TrustPassword | | The password used when configuring the truststore. |
Authorization | | Set to false if you want everyone to be able to access the CLI without access controls. If this is set to false, the GUI is unusable. |
ldap.cache.age | example: 600 | Maximum age of items in the LDAP cache. Use 0 to disable the cache. |
userrole.ldap.location | | The IP address of the LDAP server. |
userrole.ldap.bind.dn | example: cn=root | The distinguished name of an authorized LDAP user. |
userrole.ldap.cred | example: password | The password of the LDAP user. |
userrole.ldap.secured.connection | | The flag to enable secured LDAP communication. If set to true, SSL is used; if set to false, an open socket is used. |
userrole.ldap.version | | Set to 2 if the LDAP server does not support v3. |
userrole.ldap.insecured.port | example: 389 | The port on which the LDAP server should be listening for an insecure connection. 389 is standard. |
userrole.ldap.secure.port | example: 636 | The port on which the LDAP server should be listening for a secure connection. 636 is standard. |
ldap.basedn.roles | example: ou=Roles,o=ibm,c=us | The base distinguished name to search for roles. This is the location in the LDAP hierarchy to find the role definitions. |
ldap.basedn.users | example: ou=Users,o=ibm,c=us | The base distinguished name to search for users. This is the location in the LDAP hierarchy to find users. |
ldap.user.filter | example: (&(uid=%v) | The search filter to find a user. |
ldap.user.id.attr | example: uid | The attribute that holds the User ID in the user's objectClass. |
ldap.role.filter | example: (&(cn=%v) | The role filter to find a role. |
ldap.role.id.attr | example: cn | The attribute that holds the name of a role in the role's objectClass. |
ldap.role.mem.id.attr | example: member | The attribute that holds the members of a role in the role's objectClass. |
LogOnly | | Setting this to true ensures that stdout.log in /usr/tank/admin/log is not a copy of cimom.log in the same place. This is recommended. |

Note: Default values for parameters not listed in this table are acceptable.
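
As an added example (not part of the original documentation or of the product), the following Python script checks the contents of a cimom.properties file against the values this table calls for. The sample file contents are constructed, the plain key=value parsing is an assumption about the file format, and a key that is absent is treated as not set.

```python
# Constructed sample input; the address and credentials are illustrative only.
SAMPLE = """\
Port=5989
Authorization=false
userrole.ldap.location=192.0.2.10
userrole.ldap.bind.dn=cn=root
userrole.ldap.cred=password
userrole.ldap.secured.connection=false
LogOnly=false
"""

# LDAP settings from the table that have no usable value unless configured.
REQUIRED = ("userrole.ldap.location", "userrole.ldap.bind.dn", "userrole.ldap.cred",
            "ldap.basedn.roles", "ldap.basedn.users")

def parse_properties(text):
    """Parse key=value lines, splitting on the first '=' only (DNs contain '=')."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "!")):
            continue  # skip blank lines and comments
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def audit(props):
    """Return (key, finding) tuples for settings that deviate from the table."""
    findings = []
    def is_true(key):  # assumption: an absent key counts as not enabled
        return props.get(key, "").lower() == "true"
    if props.get("Port") != "5989":
        findings.append(("Port", "CIMOM port should be set to 5989"))
    if props.get("Authorization", "").lower() == "false":
        findings.append(("Authorization", "CLI has no access controls; GUI is unusable"))
    if not is_true("userrole.ldap.secured.connection"):
        findings.append(("userrole.ldap.secured.connection", "LDAP uses an open socket, not SSL"))
    if not is_true("LogOnly"):
        findings.append(("LogOnly", "true is the recommended value"))
    for key in REQUIRED:
        if not props.get(key):
            findings.append((key, "LDAP setting is missing or empty"))
    return findings

if __name__ == "__main__":
    for key, finding in audit(parse_properties(SAMPLE)):
        print(f"{key}: {finding}")
```

To check a real file, pass its text to `parse_properties` in place of `SAMPLE`.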