Configuring AD without TLS for object access
When Active Directory (AD) is configured without Transport Layer Security (TLS), communication between the IBM Storage Scale system and the authentication server is not secured.
- Run the following command as shown in this example:
    # mmuserauth service create --type ad --data-access-method object \
        --user-name "cn=Administrator,cn=Users,dc=IBM,dc=local" \
        --base-dn "dc=IBM,DC=local" --ks-dns-name cluster-ces-ip.ibm \
        --ks-admin-user admin --servers myADserver --user-id-attrib cn \
        --user-name-attrib sAMAccountName --user-objectclass organizationalPerson \
        --user-dn "cn=Users,dc=IBM,dc=local" --ks-swift-user swift
  The system displays the following output:
    Object configuration with LDAP (Active Directory) as identity backend is completed successfully.
    Object Authentication configuration completed successfully.
- To verify the authentication configuration, run the following command as shown in this example:
    # mmuserauth service list
  The system displays the following output:
    FILE access not configured
    PARAMETERS               VALUES
    -------------------------------------------------

    OBJECT access configuration: AD
    PARAMETERS               VALUES
    -------------------------------------------------
    ENABLE_ANONYMOUS_BIND    false
    ENABLE_SERVER_TLS        false
    ENABLE_KS_SSL            false
    USER_NAME                cn=Administrator,cn=Users,dc=IBM,dc=local
    SERVERS                  myADserver
    BASE_DN                  dc=IBM,DC=local
    USER_DN                  cn=users,dc=ibm,dc=local
    USER_OBJECTCLASS         organizationalPerson
    USER_NAME_ATTRIB         sAMAccountName
    USER_ID_ATTRIB           cn
    USER_MAIL_ATTRIB         mail
    USER_FILTER              none
    ENABLE_KS_CASIGNING      false
    KS_ADMIN_USER            admin
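The verification step can be scripted so that a configuration like this one, with `ENABLE_SERVER_TLS` and `ENABLE_KS_SSL` both `false`, is flagged during a configuration review. The following is an added example, not part of the IBM documentation: the function names `audit_object_auth` and `sample_output` and the `WEAK` label are hypothetical, and the sample input is an abridged copy of the listing shown above.

```shell
#!/bin/sh
# Added example (not IBM code): audit `mmuserauth service list` output.

# Reads the listing on stdin and prints one "WEAK name=value" line for each
# weak setting in the OBJECT section. The WEAK label is this example's own.
# Exit status: 0 = nothing flagged, 1 = weak settings found,
#              2 = no OBJECT access configuration in the input.
audit_object_auth() {
    awk '
        /^OBJECT access configuration/ { in_obj = 1; seen = 1; next }
        /^FILE access/                 { in_obj = 0; next }
        !in_obj                        { next }
        # TLS/SSL switches reported as off
        ($1 == "ENABLE_SERVER_TLS" || $1 == "ENABLE_KS_SSL") && $2 == "false" {
            print "WEAK " $1 "=" $2; weak = 1
        }
        # Anonymous bind reported as on
        $1 == "ENABLE_ANONYMOUS_BIND" && $2 == "true" {
            print "WEAK " $1 "=" $2; weak = 1
        }
        END { if (!seen) exit 2; exit (weak ? 1 : 0) }
    '
}

# Sample input: abridged copy of the listing on this page.
sample_output() {
cat <<'EOF'
FILE access not configured
PARAMETERS               VALUES
-------------------------------------------------

OBJECT access configuration: AD
PARAMETERS               VALUES
-------------------------------------------------
ENABLE_ANONYMOUS_BIND    false
ENABLE_SERVER_TLS        false
ENABLE_KS_SSL            false
SERVERS                  myADserver
ENABLE_KS_CASIGNING      false
EOF
}

# Stand-alone run against the sample; the status is 1 for this listing.
sample_output | audit_object_auth || echo "audit exit status: $?"
```

On a cluster node, the same check runs against live output with `mmuserauth service list | audit_object_auth`.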