Integrating with LDAP server

If LDAP-based authentication is selected, ensure that the LDAP server is set up with the required schemas to handle the authentication and ID-mapping requests. If you need to support SMB data access, the LDAP schema must be extended before you configure the authentication.

Ensure that you have the following details before you start configuring LDAP-based authentication:
  • Domain details such as --base-dn. Unless you specify separate prefixes for groups and users, default values are used: both the default user group suffix and the default user suffix are the value of --base-dn.
  • IP address or hostname of the LDAP server. Both IPv4 and IPv6 addresses are supported.
  • The admin user ID and password of the LDAP server, which are used for the LDAP simple bind and for LDAP searches.
  • The secret key that you provided for encrypting or decrypting passwords, unless you disabled prompting for the key.
  • The NetBIOS name that is to be assigned to the IBM Storage Scale system.
  • If you need secure communication between the IBM Storage Scale system and the LDAP server, the CA-signed certificate that the LDAP server uses for TLS communication must be placed at the specified location on the system.
  • If you are using LDAP with Kerberos, create a Kerberos keytab file by using the MIT KDC infrastructure.
  • The primary DNS server is added to the /etc/resolv.conf file on all protocol nodes so that it resolves the authentication server with which the IBM Storage Scale system is configured. Manual changes to this configuration file might be overwritten by the operating system's network manager, so ensure that the DNS configuration persists even after you restart the system. For details about the circumstances in which the configuration files are overwritten, see the corresponding operating system documentation.
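The following preflight check is an added example, not part of the IBM documentation or the product: before running the authentication setup, it validates the checklist items that can be verified offline, namely that resolv.conf on a protocol node lists a nameserver, that the LDAP server value is an IPv4 address, an IPv6 address or a well-formed hostname, and, when TLS is required, that the CA file is a PEM certificate block. The function names and the sample resolv.conf and certificate text are constructed for the example.

```python
import ipaddress
import re
import ssl

# Constructed sample inputs (not taken from the product documentation).
SAMPLE_RESOLV_CONF = """# Generated by NetworkManager
search example.internal
nameserver 192.0.2.53
nameserver 2001:db8::53
"""
SAMPLE_CA_PEM = "-----BEGIN CERTIFICATE-----\nMIIB\n-----END CERTIFICATE-----\n"

# RFC 1123 style hostname: labels of 1-63 chars, total length at most 253.
HOSTNAME_RE = re.compile(r"^(?=.{1,253}$)[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?"
                         r"(\.[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?)*$", re.I)

def nameservers(resolv_conf_text):
    """Return the nameserver addresses listed in a resolv.conf body (comments ignored)."""
    found = []
    for raw in resolv_conf_text.splitlines():
        parts = raw.split("#", 1)[0].split()
        if len(parts) == 2 and parts[0] == "nameserver":
            found.append(parts[1])
    return found

def classify_server(value):
    """Classify the LDAP server value as 'ipv4', 'ipv6', 'hostname' or None."""
    try:
        return "ipv%d" % ipaddress.ip_address(value).version
    except ValueError:
        return "hostname" if HOSTNAME_RE.match(value) else None

def has_pem_certificate(ca_file_text):
    """True if the CA file body is a PEM CERTIFICATE block whose base64 decodes."""
    try:
        ssl.PEM_cert_to_DER_cert(ca_file_text.strip())
        return True
    except ValueError:  # covers missing header/footer and bad base64
        return False

def preflight(ldap_server, resolv_conf_text, ca_file_text=None, tls=False):
    """Return the list of problems found; an empty list means the prerequisites look met."""
    problems = []
    if classify_server(ldap_server) is None:
        problems.append("LDAP server is neither an IPv4/IPv6 address nor a valid hostname")
    if not nameservers(resolv_conf_text):
        problems.append("no nameserver entry in resolv.conf; the LDAP host cannot be resolved")
    if tls and not (ca_file_text and has_pem_certificate(ca_file_text)):
        problems.append("TLS requested but the CA certificate file is missing or not PEM")
    return problems

if __name__ == "__main__":
    for p in preflight("ldap.example.internal", SAMPLE_RESOLV_CONF, SAMPLE_CA_PEM, tls=True):
        print("FAIL:", p)
```

Run it on each protocol node with the real /etc/resolv.conf and CA file contents; re-run after a reboot to confirm the DNS entries survived the network manager.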