Cisco Headend System Release 2.7

 
 
 
Enable the Client for LDAP and Sudo Support 
 
4017610 Rev A 
 
Manual initialization of the LDAP client requires several attributes to be 
specified on the command line.  Obtain the following attributes from the site 
administrator: 
 
LDAP server hostname and IP address. 
 
LDAP server port numbers if not using the default ports of 389 or 636 
 
Name of existing profile (profileName) that can be used for initializing the LDAP 
client 
 
Bind Distinguished Name (DN) for proxy identity (proxyDN) 
 
Client proxy password (proxyPassword) 
 
LDAP domain name 
 
If the LDAP server supports Transport Layer Security (TLS) authentication and the 
client requires TLS, request the Root CA and any subordinate CA signing 
certificates.  
Please note that initialization of an LDAP client creates the following files: 
 
 /var/ldap/ldap_client_cred - contains the client credentials 
 
 /var/ldap/ldap_client_file - contains information about the server to which 
the LDAP client should connect 
In addition, ldapclient modifies multiple entries in the name service switch file 
(/etc/nsswitch.conf) to add the ldap tag.  These entries must then be edited for 
optimal performance.  
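
A post-initialization check of the files named above, as an added example that is not part of the Cisco guide: it confirms that the credential file grants no group or other access and lists which nsswitch.conf databases carry the ldap tag. The function names, the constructed sample file, and the choice to flag any group/other permission bit are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the Cisco guide): audit the files ldapclient writes.
# Paths are arguments so the checks can also be run against copies.

# Print "ok" when FILE exists with no group/other access, else the reason.
cred_file_status() {
    [ -f "$1" ] || { echo "missing"; return 1; }
    # Characters 5-10 of the ls mode string are the group and other bits.
    bits=$(ls -ld "$1" | cut -c5-10)
    [ "$bits" = "------" ] && { echo "ok"; return 0; }
    echo "exposed:$bits"
    return 1
}

# Print each nsswitch database whose source list contains the ldap tag.
ldap_databases() {
    sed -e 's/#.*//' "$1" | awk -F: '
        NF >= 2 && $2 ~ /(^|[ \t])ldap([ \t]|$)/ {
            sub(/^[ \t]+/, "", $1); print $1
        }'
}

# Write a constructed nsswitch.conf sample (not taken from a real system).
write_sample_nsswitch() {
    cat > "$1" <<'EOF'
# constructed sample
passwd:     files ldap
group:      files ldap
hosts:      files dns      # no ldap here
netgroup:   ldap
#services:  files ldap
EOF
}

# Report on the credential file, the client file and the ldap-tagged entries.
audit_ldap_client() {
    rc=0
    s=$(cred_file_status "$1") || rc=1
    echo "$1: $s"
    [ -f "$2" ] && echo "$2: present" || { echo "$2: missing"; rc=1; }
    echo "nsswitch databases using ldap: $(ldap_databases "$3" | tr '\n' ' ')"
    return $rc
}

# Usage on the client (run as root):
# audit_ldap_client /var/ldap/ldap_client_cred /var/ldap/ldap_client_file /etc/nsswitch.conf
```

On older Solaris releases, substitute nawk for awk if the default awk rejects the pattern.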
 
Enable the LDAP Client with Simple Authentication 
Execute these procedures on a client that requires simple authentication.  
If the session between the LDAP client and server must be encrypted, use TLS 
authentication instead, as described in the next section.  
Important: When enabling LDAP support for your LDAP client, you must obtain 
these attributes as they pertain to your system from the site administrator. These 
instructions use the following sample LDAP client attributes to illustrate the 
procedures. 
 
LDAP server hostname = ldapsrvr 
 
LDAP server IP address = 192.168.1.1 
 
Default LDAP port = 389 
 
profileName = simple_profile 
 
proxyDN = "cn=readonly,dc=example,dc=com"