For Cisco Headend System Release 2.5
Enable the Client for LDAP and Sudo Support
4017610 Rev A
Manual initialization of the LDAP client requires various attributes to be specified on
the command line. Obtain the following attributes from the site administrator:
LDAP server hostname and IP address.
LDAP server port numbers if not using the default ports of 389 or 636
Name of existing profile (profileName) that can be used for initializing the LDAP
client
Bind Distinguished Name (DN) for proxy identity (proxyDN)
Client proxy password (proxyPassword)
LDAP domain name
If the LDAP server supports Transport Layer Security (TLS) authentication and the
client requires TLS, request the Root CA and any subordinate CA signing
certificates.
Please note that initialization of an LDAP client creates the following files:
/var/ldap/ldap_client_cred - contains the client credentials
/var/ldap/ldap_client_file - contains information about the server to which
LDAP client should connect
In addition, ldapclient modifies multiple entries in the name service switch file
(/etc/nsswitch.conf), adding the ldap tag to them. However, these entries must be
modified for optimal performance.
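The following check is an added example, not part of the original procedure: it verifies that a credentials file such as /var/ldap/ldap_client_cred grants no access to group or other, and lists which databases in an nsswitch.conf-style file carry the ldap tag. The function names, the owner-only permission expectation, and the constructed sample files are assumptions made for illustration.

```sh
#!/bin/sh
# Added example (not from the Cisco guide). Function names are hypothetical.

# Succeeds only if the file exists and grants nothing to group or other.
cred_is_private() {
    [ -f "$1" ] || return 2
    # ls -ld mode string: char 1 type, 2-4 owner, 5-7 group, 8-10 other
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Prints every name service database whose source list includes "ldap".
ldap_databases() {
    (
        set -f   # keep tokens such as [NOTFOUND=return] from globbing
        sed -e 's/#.*//' "$1" | while IFS=: read -r db sources; do
            for s in $sources; do
                if [ "$s" = "ldap" ]; then
                    echo "$db" | tr -d ' \t'
                    break
                fi
            done
        done
    )
}

audit_ldap_client() {
    if cred_is_private "$1"; then
        echo "OK:   $1 is closed to group and other"
    else
        echo "WARN: $1 is missing or open to group/other"
    fi
    echo "Databases that consult ldap in $2:"
    ldap_databases "$2" | sed 's/^/  /'
}

# Constructed sample files, so the example runs without a real LDAP client.
demo=$(mktemp -d)
cat > "$demo/nsswitch.conf" <<'EOF'
# constructed sample, not taken from a real system
passwd:   files ldap
group:    files ldap
hosts:    ldap [NOTFOUND=return] files
networks: files
EOF
: > "$demo/ldap_client_cred"
chmod 600 "$demo/ldap_client_cred"
audit_ldap_client "$demo/ldap_client_cred" "$demo/nsswitch.conf"
```

On an initialized client, call audit_ldap_client with /var/ldap/ldap_client_cred and /etc/nsswitch.conf as its two arguments.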
Enable the LDAP Client with Simple Authentication
These procedures must be executed on a client that requires simple authentication.
If the session between the LDAP client and server must be encrypted, then the TLS
authentication described in the next section must be used.
Important: When enabling LDAP support for your LDAP client, you must obtain
these attributes as they pertain to your system from the site administrator. These
instructions use the following sample LDAP client attributes to illustrate the
procedures.
LDAP server hostname = ldapsrvr
LDAP server IP address = 192.168.1.1
Default LDAP port = 389
profileName=simple_profile
proxyDN = "cn=readonly,dc=example,dc=com"