Configuring AD without TLS for object access

Configuring AD without TLS does not provide secured communication between the IBM Spectrum Scale™ system and the authentication server.

  1. Submit the mmuserauth service create command as shown in the following example:
    # mmuserauth service create --type ad --data-access-method object \
    --user-name "cn=Administrator,cn=Users,dc=IBM,dc=local" --password "just4YOU" \
    --base-dn "dc=IBM,DC=local" --ks-dns-name c40bbc2xn3 --ks-admin-user admin \
    --servers myADserver --user-id-attrib cn --user-name-attrib sAMAccountName \
    --user-objectclass organizationalPerson --user-dn "cn=Users,dc=IBM,dc=local" \
    --ks-swift-user swift --ks-swift-pwd Passw0rd
    The system displays the following output:
    Object configuration with LDAP (Active Directory) as identity 
    backend is completed successfully.
    Object Authentication configuration completed successfully.
  2. To verify the authentication configuration, issue the mmuserauth service list command as shown in the following example:
    # mmuserauth service list
    The system displays the following output:
    FILE access not configured
    PARAMETERS               VALUES
    -------------------------------------------------
    
    OBJECT access configuration: AD
    PARAMETERS               VALUES
    -------------------------------------------------
    ENABLE_ANONYMOUS_BIND    false
    ENABLE_SERVER_TLS        false
    ENABLE_KS_SSL            false
    USER_NAME                cn=Administrator,cn=Users,dc=IBM,dc=local
    SERVERS                  myADserver
    BASE_DN                  dc=IBM,DC=local
    USER_DN                  cn=users,dc=ibm,dc=local
    USER_OBJECTCLASS         organizationalPerson
    USER_NAME_ATTRIB         sAMAccountName
    USER_ID_ATTRIB           cn
    USER_MAIL_ATTRIB         mail
    USER_FILTER              none
    ENABLE_KS_CASIGNING      false
    KS_ADMIN_USER            admin
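
A check for the listing shown in step 2, as an added example that is not part of the IBM documentation: the function reads `mmuserauth service list` output and reports each access type where ENABLE_SERVER_TLS or ENABLE_KS_SSL is false. The function names are hypothetical, and the embedded sample is the relevant part of the output above.

```shell
#!/bin/sh
# Added example (not IBM code): audit `mmuserauth service list` output for
# disabled transport security. Function names are hypothetical.

# Reads the listing on stdin and prints one finding per line in the form
# "<ACCESS_TYPE> <PARAMETER>=<VALUE>". Returns 1 if anything was found.
audit_mmuserauth() {
    awk '
        # Section lines such as "OBJECT access configuration: AD"
        ($1 == "FILE" || $1 == "OBJECT") && $2 == "access" { section = $1; next }
        # Table header and separator lines carry no settings
        $1 == "PARAMETERS" || $1 ~ /^-+$/ { next }
        # Settings that decide whether LDAP and Keystone traffic is encrypted
        ($1 == "ENABLE_SERVER_TLS" || $1 == "ENABLE_KS_SSL") && $2 == "false" {
            print section, $1 "=" $2
            bad = 1
        }
        END { exit (bad ? 1 : 0) }
    '
}

# Sample input: the listing from step 2, trimmed to the lines the audit reads.
sample_listing() {
    cat <<'EOF'
FILE access not configured
PARAMETERS               VALUES
-------------------------------------------------

OBJECT access configuration: AD
PARAMETERS               VALUES
-------------------------------------------------
ENABLE_ANONYMOUS_BIND    false
ENABLE_SERVER_TLS        false
ENABLE_KS_SSL            false
USER_NAME                cn=Administrator,cn=Users,dc=IBM,dc=local
SERVERS                  myADserver
ENABLE_KS_CASIGNING      false
KS_ADMIN_USER            admin
EOF
}

# On a cluster node the input would be: mmuserauth service list | audit_mmuserauth
sample_listing | audit_mmuserauth || echo "transport security is disabled" >&2
```
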