LDAP
To get the list of defined LDAPs, use the following command:
./iem get ldapdirectories
The command returns the list of LDAP directories in XML format as follows:
<?xml version="1.0" encoding="UTF-8"?>
<BESAPI xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="BESAPI.xsd">
<LDAPDirectory Resource="https://nc125058.romelab.it.ibm.com:52311/ldapdirectory/34">
<ID>34</ID>
<Name>AD</Name>
<IsActiveDirectory>true</IsActiveDirectory>
<IsGlobalCatalog>true</IsGlobalCatalog>
<UseSSL>false</UseSSL>
<BaseDN>DC=tem,DC=test,DC=com</BaseDN>
<UIDAttribute>userPrincipalName</UIDAttribute>
<UserFilter>(objectCategory=user)</UserFilter>
<GroupFilter><![CDATA[(&(objectCategory=group)(groupType:1.2.840.113556.1.4.803:=2147483648))]]></GroupFilter>
<User>TEM\Administrator</User>
<Servers>
<Server>
<Host>10.43.5.20</Host>
<Port>3268</Port>
<Priority>0</Priority>
</Server>
</Servers>
</LDAPDirectory>
</BESAPI>
To create a new LDAP directory, use the same XML syntax as the output of ./iem get ldapdirectories and add the following row after the User row in the XML file:
<Password>MyLDAP-Password</Password>
Then create the new LDAP with the following command:
./iem post MyLDAP.xml ldapdirectories
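The two steps above (read the directory list, copy one entry and add the Password row after the User row) can be scripted. The following is an added example and not part of the product documentation or the iem tool: the function names, the LDAP_BIND_PASSWORD environment variable and the sample XML are constructed here, while the element names (BESAPI, LDAPDirectory, Name, User, Password, UseSSL, Servers, Host, Port) are the ones shown in the listing above. It also reports every server that a directory with UseSSL set to false will bind to without TLS, since the bind credentials in the Password row then cross the network unprotected, and it writes MyLDAP.xml readable only by its owner because the file holds that password.

```python
"""Build the MyLDAP.xml that `./iem post MyLDAP.xml ldapdirectories` expects
from the XML that `./iem get ldapdirectories` returns.

Added example, not part of the product documentation: the function names,
the LDAP_BIND_PASSWORD variable and the sample XML are constructed here; the
element names are the ones the documentation shows.
"""
import os
import xml.etree.ElementTree as ET

XSI = "http://www.w3.org/2001/XMLSchema-instance"

# Constructed sample: the output of `./iem get ldapdirectories` as shown in
# the documentation (one LDAPDirectory; a real list may hold several).
SAMPLE_GET_OUTPUT = """<?xml version="1.0" encoding="UTF-8"?>
<BESAPI xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="BESAPI.xsd">
<LDAPDirectory Resource="https://nc125058.romelab.it.ibm.com:52311/ldapdirectory/34">
<ID>34</ID>
<Name>AD</Name>
<IsActiveDirectory>true</IsActiveDirectory>
<IsGlobalCatalog>true</IsGlobalCatalog>
<UseSSL>false</UseSSL>
<BaseDN>DC=tem,DC=test,DC=com</BaseDN>
<UIDAttribute>userPrincipalName</UIDAttribute>
<UserFilter>(objectCategory=user)</UserFilter>
<GroupFilter><![CDATA[(&(objectCategory=group)(groupType:1.2.840.113556.1.4.803:=2147483648))]]></GroupFilter>
<User>TEM\\Administrator</User>
<Servers>
<Server>
<Host>10.43.5.20</Host>
<Port>3268</Port>
<Priority>0</Priority>
</Server>
</Servers>
</LDAPDirectory>
</BESAPI>
"""


def find_directory(get_output, name):
    """Return (root, <LDAPDirectory>) for the directory whose <Name> is `name`."""
    root = ET.fromstring(get_output)
    for ldap in root.findall("LDAPDirectory"):
        if ldap.findtext("Name") == name:
            return root, ldap
    raise ValueError("no LDAPDirectory named %r" % name)


def build_post_xml(get_output, name, password):
    """Copy the selected directory's XML and add <Password> right after <User>,
    as the documentation instructs for `./iem post`."""
    ET.register_namespace("xsi", XSI)  # keep the xsi: prefix on output
    root, ldap = find_directory(get_output, name)
    user = ldap.find("User")
    if user is None:
        raise ValueError("LDAPDirectory %r has no <User> element" % name)
    pw = ET.Element("Password")
    pw.text = password
    pw.tail = user.tail  # keep one element per line, like the original
    ldap.insert(list(ldap).index(user) + 1, pw)
    # ET re-emits the CDATA GroupFilter as escaped text; that is equivalent XML.
    return '<?xml version="1.0" encoding="UTF-8"?>\n' + ET.tostring(root, encoding="unicode")


def transport_warnings(get_output, name):
    """List the servers of a directory that will receive the bind credentials
    without TLS (UseSSL is false); empty when UseSSL is true."""
    _, ldap = find_directory(get_output, name)
    if ldap.findtext("UseSSL", "").strip().lower() != "false":
        return []
    user = ldap.findtext("User", "")
    return [
        "%s: UseSSL is false; the bind as %s to %s:%s is not protected by TLS"
        % (name, user, srv.findtext("Host"), srv.findtext("Port"))
        for srv in ldap.iter("Server")
    ]


def write_private(path, text):
    """Write the file readable only by its owner: it contains the bind password."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        fh.write(text)


if __name__ == "__main__":
    # Assumption: the password comes from the environment, never from the script.
    password = os.environ.get("LDAP_BIND_PASSWORD", "REPLACE-WITH-LDAP-PASSWORD")
    for warning in transport_warnings(SAMPLE_GET_OUTPUT, "AD"):
        print("WARNING", warning)
    write_private("MyLDAP.xml", build_post_xml(SAMPLE_GET_OUTPUT, "AD", password))
    print("wrote MyLDAP.xml; next step: ./iem post MyLDAP.xml ldapdirectories")
```

Run it with the real output of ./iem get ldapdirectories in place of the sample and with LDAP_BIND_PASSWORD set in the environment; the resulting MyLDAP.xml is the file passed to ./iem post. The sample entry above triggers the warning because it uses UseSSL false against port 3268, the plain Global Catalog port.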
To get the configuration data of a specific LDAP, given its ID (in the current example ID=34), run the following command:
./iem get ldapdirectory/34
The command returns the LDAP configuration in XML format as follows:
<?xml version="1.0" encoding="UTF-8"?>
<BESAPI xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="BESAPI.xsd">
<LDAPDirectory Resource="https://nc125058.romelab.it.ibm.com:52311/ldapdirectory/34">
<ID>34</ID>
<Name>AD</Name>
<IsActiveDirectory>true</IsActiveDirectory>
<IsGlobalCatalog>true</IsGlobalCatalog>
<UseSSL>false</UseSSL>
<BaseDN>DC=tem,DC=test,DC=com</BaseDN>
<UIDAttribute>userPrincipalName</UIDAttribute>
<UserFilter>(objectCategory=user)</UserFilter>
<GroupFilter><![CDATA[(&(objectCategory=group)(groupType:1.2.840.113556.1.4.803:=2147483648))]]></GroupFilter>
<User>TEM\Administrator</User>
<Servers>
<Server>
<Host>10.43.5.20</Host>
<Port>3268</Port>
<Priority>0</Priority>
</Server>
</Servers>
</LDAPDirectory>
</BESAPI>
To remove a specific LDAP, given its ID (in the current example ID=34), run the following command:
./iem delete ldapdirectory/34
To convert a local operator into an LDAP operator, run the following command:
BESAdmin.exe /convertToLDAPOperators [/mappingFile:<file>]
where <file> is the mapping file that matches Windows local operators to LDAP operators. Each line of the file must contain the name of the user to convert, followed by a tab and the name of the user in LDAP or Active Directory. The LDAP name must have the same format used to log into the console, such as domain\user, user@domain, or user. If the file is not provided, BESAdmin converts all local users, assuming their name in LDAP or Active Directory is the same as their local user name.
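Because the conversion ties each local operator account to the LDAP identity named on its line, it is worth checking the mapping file for malformed rows and mistyped names before running BESAdmin. The following checker is an added example and not part of the product documentation or BESAdmin: the function names and the sample file content are constructed here; the line format (local user, a tab, LDAP user) and the three accepted LDAP name forms (domain\user, user@domain, user) are the ones stated above.

```python
"""Validate the mapping file for
`BESAdmin.exe /convertToLDAPOperators /mappingFile:<file>`.

Added example, not part of the product documentation: the function names and
the sample content are constructed here; the line format and the three LDAP
name forms are the ones the documentation states.
"""
import re

# A name component never contains '\' or '@', which keeps the three forms apart.
_COMPONENT = r"[^\\@\t\r\n]+"
_FORMS = {
    "domain\\user": re.compile(r"^%s\\%s$" % (_COMPONENT, _COMPONENT)),
    "user@domain": re.compile(r"^%s@%s$" % (_COMPONENT, _COMPONENT)),
    "user": re.compile(r"^%s$" % _COMPONENT),
}

# Constructed sample: three valid rows followed by two rows BESAdmin should never see.
SAMPLE_MAPPING = (
    "Administrator\tTEM\\Administrator\n"
    "bfops\tbfops@tem.test.com\n"
    "auditor\tauditor\n"
    "helpdesk TEM\\helpdesk\n"              # space instead of the required tab
    "dbadmin\tTEM\\dbadmin@tem.test.com\n"  # mixes the domain\user and user@domain forms
)


def ldap_name_format(name):
    """Return 'domain\\user', 'user@domain' or 'user', or None if `name` fits none."""
    for label, pattern in _FORMS.items():
        if pattern.match(name):
            return label
    return None


def parse_mapping(text):
    """Return ({local user: LDAP user}, [error messages]) for the file content.

    Every line must be exactly <local user>TAB<LDAP user>; blank lines are
    reported too, since the documentation does not say the tool tolerates them
    (assumption: reject rather than guess)."""
    mappings, errors = {}, []
    for lineno, line in enumerate(text.splitlines(), 1):
        parts = line.split("\t")
        if len(parts) != 2 or not parts[0] or not parts[1]:
            errors.append("line %d: expected <local user>TAB<LDAP user>, got %r"
                          % (lineno, line))
            continue
        local, ldap = parts
        if ldap_name_format(ldap) is None:
            errors.append("line %d: %r is not domain\\user, user@domain or user"
                          % (lineno, ldap))
            continue
        if local in mappings:
            errors.append("line %d: local user %r is mapped twice" % (lineno, local))
            continue
        mappings[local] = ldap
    return mappings, errors


if __name__ == "__main__":
    import sys
    # Pass the real mapping file as the first argument; the sample is used otherwise.
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE_MAPPING
    mappings, errors = parse_mapping(text)
    for local, ldap in mappings.items():
        print("%-20s -> %s (%s)" % (local, ldap, ldap_name_format(ldap)))
    for err in errors:
        print("ERROR", err)
    sys.exit(1 if errors else 0)
```

A non-zero exit means the file has rows BESAdmin would either reject or, worse, interpret differently from what was intended, so fix them before running the conversion. The checker does not verify that the LDAP accounts exist; that step belongs with the directory administrator.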