Cisco Headend System Release 2.7
Chapter 3 Configure LDAP and Sudo Support
10
4017610 Rev A
Enable the Client for LDAP and Sudo Support
This section describes how to configure a client for LDAP and Sudo support.
To configure an LDAP client for LDAP support, you will use the LDAP client utility
called ldapclient. This utility binds the client to the specified LDAP server to retrieve
configuration information. The ldapclient utility can be invoked in multiple ways,
but this document describes only the init form. The init form of ldapclient uses an
existing profile stored on the LDAP server to initialize the LDAP client. All other
forms of ldapclient invocation are outside the scope of this document. Please refer to
Solaris man pages in section 1M for details of using ldapclient.
Solaris LDAP clients can be configured to use one of the following authentication
methods:
To configure an LDAP client for LDAP support, you will use the LDAP client utility
called ldapclient. This utility binds the client to the specified LDAP server to retrieve
configuration information. The ldapclient utility can be invoked in multiple ways,
but this document describes only the init form. The init form of ldapclient uses an
existing profile stored on the LDAP server to initialize the LDAP client. All other
forms of ldapclient invocation are outside the scope of this document. Please refer to
Solaris man pages in section 1M for details of using ldapclient.
Solaris LDAP clients can be configured to use one of the following authentication
methods:
none
simple
sasl/CRAM-MD5
sasl/DIGEST-MD5
tls:simple
tls:sasl/CRAM-MD5
tls:sasl/DIGEST-MD5
Note that some LDAP servers may not support all of the above authentication
methods. This document discusses only "simple" and "tls:simple" authentication
methods.
methods. This document discusses only "simple" and "tls:simple" authentication
methods.
Simple Authentication Method - In "simple" authentication method, the bind
password is sent in the clear to the LDAP server. This may be acceptable in some
environments where RSA authentication server is used for two-factor
authentication and only read access is provided to LDAP objects. Procedures for
using the simple authentication method are provided in this chapter.
password is sent in the clear to the LDAP server. This may be acceptable in some
environments where RSA authentication server is used for two-factor
authentication and only read access is provided to LDAP objects. Procedures for
using the simple authentication method are provided in this chapter.
Transport Layer Security (TLS) authentication method - This authentication
method has the ability to encrypt the entire session between the LDAP client and
server. However, this requires proper configuration on the LDAP server and
appropriate certificates on the client. Procedures for using the TLS authentication
method are given in Appendix A Enable the LDAP Client with TLS
Authentication (on page 21).
method has the ability to encrypt the entire session between the LDAP client and
server. However, this requires proper configuration on the LDAP server and
appropriate certificates on the client. Procedures for using the TLS authentication
method are given in Appendix A Enable the LDAP Client with TLS
Authentication (on page 21).