Configuring LDAP for SAN File System

There are several LDAP configuration settings in the cimom.properties file that must be set up during configuration.

Steps

  1. Change to the /usr/tank/admin/config/ directory.
  2. Open the tank.properties file.
  3. Modify the following parameters:
    Table 1. LDAP parameters

    Port
        Sample value: 5989
        Description: The port on which CIMOM will listen. Set this to 5989.

    TrustPassword
        Description: The password used when configuring the truststore.

    Authorization
        Description: Set to false if you want everyone to be able to access the CLI without access controls. If this is set to false, the GUI is unusable.

    ldap.cache.age
        Sample value: 600
        Description: Maximum age of items in the LDAP cache. Use 0 to disable the cache.

    userrole.ldap.location
        Description: The IP address of the LDAP server.

    userrole.ldap.bind.dn
        Sample value: cn=root
        Description: The distinguished name of an authorized LDAP user.

    userrole.ldap.cred
        Sample value: password
        Description: The password of the LDAP user.

    userrole.ldap.secured.connection
        Description: The flag to enable secured LDAP communication. True indicates that it uses SSL; false indicates that it uses an open socket.

    userrole.ldap.version
        Description: Set to 2 if the LDAP server does not support v3.

    userrole.ldap.insecured.port
        Sample value: 389
        Description: The port on which the LDAP server should be listening for an insecure connection. 389 is standard.

    userrole.ldap.secure.port
        Sample value: 636
        Description: The port on which the LDAP server should be listening for a secure connection. 636 is standard.

    ldap.basedn.roles
        Sample value: ou=Roles,o=ibm,c=us
        Description: The base distinguished name to search for roles. This is the location in the LDAP hierarchy to find the role definitions.

    ldap.basedn.users
        Sample value: ou=Users,o=ibm,c=us
        Description: The base distinguished name to search for users. This is the location in the LDAP hierarchy to find users.

    ldap.user.filter
        Sample value: (&(uid=%v)(objectClass=inetOrgPerson))
        Description: The search filter to find a user.

    ldap.user.id.attr
        Sample value: uid
        Description: The attribute that holds the User ID in the user's objectClass.

    ldap.role.filter
        Sample value: (&(cn=%v)(objectClass=accessRole))
        Description: The role filter to find a role.

    ldap.role.id.attr
        Sample value: cn
        Description: The attribute that holds the name of a role in the role's objectClass.

    ldap.role.mem.id.attr
        Sample value: member
        Description: The attribute that holds the members of a role in the role's objectClass.

    LogOnly
        Description: Setting this to true ensures that stdout.log in /usr/tank/admin/log is not a copy of cimom.log in the same place. This is recommended.

    Note: Default values for parameters not listed in this table are acceptable.
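
The following added example (not IBM code and not part of the original page) audits the properties file edited in the steps above against the guidance in Table 1. It assumes the file uses Java-style key=value lines; the sample input, the rule list and the function names are constructed for illustration.

```python
# Added example: audit the settings from Table 1 (not IBM code).
# Assumption: the file holds Java-style "key=value" lines; '#' or '!' starts a comment.

# Constructed sample input; the address is from the documentation range.
SAMPLE = """\
# constructed sample
Port=5988
Authorization=false
userrole.ldap.location=192.0.2.10
userrole.ldap.bind.dn=cn=root
userrole.ldap.cred=password
userrole.ldap.secured.connection=false
userrole.ldap.version=2
LogOnly=false
"""

# (parameter, predicate that is True for a risky value, finding text)
RULES = [
    ("Port", lambda v: v != "5989", "CIMOM should listen on 5989"),
    ("Authorization", lambda v: v.lower() == "false",
     "CLI is reachable without access controls and the GUI is unusable"),
    ("userrole.ldap.cred", lambda v: v == "password",
     "bind password is still the sample value from the table"),
    ("userrole.ldap.secured.connection", lambda v: v.lower() != "true",
     "LDAP runs over an open socket, so the bind password is not protected by SSL"),
    ("userrole.ldap.version", lambda v: v == "2",
     "LDAP v2 is meant only for servers without v3 support"),
    ("LogOnly", lambda v: v.lower() != "true",
     "stdout.log duplicates cimom.log; true is recommended"),
]

def parse_properties(text):
    """Return {key: value}, splitting on the first '=' so DN values survive."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props

def audit(props):
    """Check only parameters that are present; absent ones keep their defaults."""
    return [(key, msg) for key, bad, msg in RULES if key in props and bad(props[key])]

if __name__ == "__main__":
    for key, msg in audit(parse_properties(SAMPLE)):
        print(f"{key}: {msg}")
```

Because the file stores userrole.ldap.cred and TrustPassword in clear text, restrict read access to the file itself as well.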

(C) Copyright IBM Corporation 2003, 2004. All Rights Reserved.
IBM TotalStorage SAN File System v2.2