Create LDAP server and client connection

Use this task to configure the Lightweight Directory Access Protocol (LDAP) server, configure the client on the cluster node, and establish a connection between the server and client.

LDAP is a standard method for accessing and updating information in a directory. The cluster uses it to keep authentication, group, and user information consistent across the clusters.

The connection that you configure is encrypted with Secure Sockets Layer (SSL); the certificates and keys for the server and the client are held in SSL key databases.

An LDAP server connection cannot be modified after it is created. To change it, disconnect from the existing LDAP server and create a new connection.

Fields

LDAP servers
Specify the host names of one or more nodes on which the LDAP server is already configured and to which you want to connect.

Separate multiple host names with commas.

LDAP admin DN
Specify the LDAP administrator distinguished name (DN) that the cluster uses to bind to the LDAP server.

The DN that you specify must already exist on the LDAP server.

The operations that the LDAP client can perform on entries in the LDAP server database are limited to the access permissions that the LDAP server grants to the bound DN. Bind with a DN that holds only the permissions the cluster needs (for example, a proxy identity such as cn=proxy,o=ibm rather than the directory administrator).

Examples: cn=admin, cn=proxy,o=ibm, cn=user,ou=people,cn=aixdata. The default value is cn=admin.

LDAP admin password
Specify the password for the administrator DN that is used to bind to the LDAP server. The password must contain only alphanumeric characters.

The password that you specify must match the password that is set on the LDAP server for that DN.

Suffix or base DN
Specify the suffix or base distinguished name (DN) under which the LDAP server is searched for users, groups, and other network information entities.

For example, cn=aixdata,o=ibm. The default value is cn=aixdata,o=ibm.

Server port number
Specify the port on which the LDAP server accepts this connection.

The default port number is 636, which is the standard port for LDAP over SSL (LDAPS).

Encryption seed for key stash files
Specify the encryption seed that is used when the key stash files are created. A minimum of 12 alphanumeric characters is required.

Schema type
Shows the LDAP schema used to represent user or group entries in the LDAP server.

The default value is rfc2307aix. This value indicates that the LDAP server must be configured to use RFC 2307 and the auxiliary AIX® schema, which provides full AIX attribute support.

Authentication type
Select the authentication mechanism that is used to authenticate users.
unix_auth
The user's password hash is retrieved from the LDAP server and the password check is performed locally on the cluster node. The bound DN therefore needs read access to the users' password attribute.
ldap_auth
The user's password is sent to the LDAP server, which performs the authentication itself (the client binds as that user). No password hash needs to be readable by the client, but the password crosses the network, so this mode depends on the SSL connection. The default value is ldap_auth.
Server key path
Specify the full path to the server SSL key database file.
Server key password
Specify the password of the server SSL key database.
Client key path
Specify the full path to the client SSL key database file.
Client key password
Specify the password of the client SSL key database.

If a password is not specified, a password stash file is assumed to exist with the same path as the key database but with the extension .sth (for example, key.kdb and key.sth). A stash file yields the key-database password to anyone who can read it, so keep stash files readable only by root.
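The field rules above are easy to get wrong at the prompt, and a mistake is usually reported only after the bind to the LDAP server has been attempted. The following POSIX shell script is an added example, not code from this page or from the product: it checks values for the fields described above (comma-separated host list, DN syntax, alphanumeric-only admin password, port range, 12-character encryption seed) and applies the stash-file rule for a key database, without contacting an LDAP server or changing any cluster configuration. The function names, the sample host names and the key-database paths are my own assumptions.

```shell
#!/bin/sh
# Added example (not from the page or the product): pre-flight checks for
# the LDAP connection field values. Function names and sample paths are
# assumptions; nothing here talks to an LDAP server or changes the cluster.

# True if $1 is non-empty and contains only ASCII letters and digits.
alnum_only() {
    case "$1" in
        '' | *[!A-Za-z0-9]*) return 1 ;;
    esac
}

# Encryption seed for key stash files: at least 12 alphanumeric characters.
check_seed() {
    alnum_only "$1" && [ "${#1}" -ge 12 ]
}

# LDAP admin password: alphanumeric characters only.
check_admin_password() {
    alnum_only "$1"
}

# Server port number: an integer in 1..65535 (636 is the default).
check_port() {
    case "$1" in
        '' | *[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Split a comma-separated list and apply check $1 to every item. Empty
# items, including those left by a leading or trailing comma, are rejected.
each_item_ok() {
    _check=$1; _rest=$2
    [ -n "$_rest" ] || return 1
    while :; do
        case "$_rest" in
            *,*) _item=${_rest%%,*}; _rest=${_rest#*,}; _last=0 ;;
            *)   _item=$_rest; _last=1 ;;
        esac
        [ -n "$_item" ] && "$_check" "$_item" || return 1
        [ "$_last" -eq 0 ] || return 0
    done
}

# One RDN must be attribute=value with both sides non-empty, e.g. cn=aixdata.
rdn_ok() {
    case "$1" in
        ?*=?*) return 0 ;;
        *)     return 1 ;;
    esac
}

# A host name: letters, digits, dots and hyphens only.
host_ok() {
    case "$1" in
        *[!A-Za-z0-9.-]*) return 1 ;;
    esac
}

check_dn()      { each_item_ok rdn_ok  "$1"; }
check_servers() { each_item_ok host_ok "$1"; }

# Key database password rule: an explicit password wins; otherwise a stash
# file with the same path but a .sth extension must exist. Prints which
# source applies ("password", "stash" or "none") and fails for "none".
key_password_source() {
    _kdb=$1; _pw=$2
    if [ -n "$_pw" ]; then echo password; return 0; fi
    case "${_kdb##*/}" in
        *.*) _sth=${_kdb%.*}.sth ;;
        *)   _sth=$_kdb.sth ;;
    esac
    if [ -f "$_sth" ]; then echo stash; return 0; fi
    echo none; return 1
}

# A stash file lets whoever can read it open the key database, so it must
# not be group- or world-readable. True only when both read bits are clear.
stash_is_private() {
    [ -f "$1" ] && [ -z "$(find "$1" \( -perm -040 -o -perm -004 \) 2>/dev/null)" ]
}

# Run every check on one set of field values; report the first failure.
# Arguments: servers admin_dn admin_pw base_dn port seed client_kdb client_kpw
preflight() {
    check_servers "$1"        || { echo "LDAP servers: $1"; return 1; }
    check_dn "$2"             || { echo "LDAP admin DN: $2"; return 1; }
    check_admin_password "$3" || { echo "LDAP admin password: not alphanumeric"; return 1; }
    check_dn "$4"             || { echo "Suffix or base DN: $4"; return 1; }
    check_port "$5"           || { echo "Server port number: $5"; return 1; }
    check_seed "$6"           || { echo "Encryption seed: fewer than 12 alphanumeric characters"; return 1; }
    key_password_source "$7" "$8" >/dev/null || { echo "Client key: no password and no stash file for $7"; return 1; }
    echo ok
}

# Sample invocation with constructed values (host names and paths are made up):
# preflight 'ldap1.example.com,ldap2.example.com' 'cn=proxy,o=ibm' 'Pr0xyPass' \
#           'cn=aixdata,o=ibm' 636 'S33dValueForStash' /etc/security/ldap/key.kdb ''
```

These checks are syntactic only: they do not prove that the DN can bind, that it has the permissions the cluster needs, or that the certificate in the key database is trusted. Before committing the connection, confirm from the cluster node that a search over port 636 with the same DN, key database and base DN succeeds, and run stash_is_private against any stash file you rely on instead of a password.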

For more information about adding LDAP server and client connections, see the Creating an LDAP connection topic in the AIX Information Center.