Configure Flexible LDAP Filter

1   Description

This instruction describes how to configure an arbitrary LDAP search filter that is used when querying the LDAP server. Such a change can be triggered by the organization's security policy.

2   Procedure

2.1   Configure Flexible LDAP Filter

Prerequisites

Steps

  1. Navigate to the Ldap Managed Object (MO), for example:

    >dn ManagedElement=NODE06ST,SystemFunctions=1,SecM=1,UserManagement=1,LdapAuthenticationMethod=1,Ldap=1

  2. Enter Config mode:

    (Ldap=1)>configure

  3. Configure flexible filtering in Ldap MO:

    (config-Ldap=1)>profileFilter=FLEXIBLE

  4. Navigate to the Filter MO, for example:

    (config-Ldap=1)>Filter=1

  5. Configure the arbitrary LDAP search expression, for example:

    (config-Filter=1)>filter="(&(objectClass=posixAccount)(uid=<UID>))"

  6. Configure the LDAP return attribute, for example:

    (config-Filter=1)>type="cn"

  7. Commit the settings:

    (config-Filter=1)>commit

  8. Verify the result:

    (Filter=1)>show -r

    The following is an example output:

    Ldap=1
       baseDn="dc=my-domain,dc=com"
       fallbackLdapIpAddress="192.168.0.11"
       ldapIpAddress="192.168.0.10"
       profileFilter=FLEXIBLE
       useTls=false
       Filter=1
          filter="(&(objectClass=posixAccount)(uid=<UID>))"
          type="cn"
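The following is an added example, not part of the original instruction or of the product: a Python check that can be run on a workstation before step 5 to confirm that a candidate filter expression is well formed and to preview the search string it produces for a given login name. It assumes that `<UID>` is replaced with the login name at query time; the function names and sample login names are constructed for illustration.

```python
PLACEHOLDER = "<UID>"  # placeholder as written in the filter from step 5

# RFC 4515: these characters must be escaped inside a filter assertion value,
# otherwise a login name could alter the structure of the search filter.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_value(value):
    """Escape a login name so it stays a literal value inside the filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def check_template(template):
    """Return a list of problems found in a filter expression (empty = OK)."""
    problems = []
    if PLACEHOLDER not in template:
        problems.append("no <UID> placeholder: filter does not depend on the user")
    depth = 0
    for ch in template.replace(PLACEHOLDER, "x"):
        depth += ch == "("
        depth -= ch == ")"
        if depth < 0:  # a ")" appeared before its matching "("
            break
    if depth != 0:
        problems.append("unbalanced parentheses")
    if not (template.startswith("(") and template.endswith(")")):
        problems.append("filter must be enclosed in parentheses")
    return problems


def render(template, uid):
    """Preview the search filter for one login name (assumed substitution)."""
    problems = check_template(template)
    if problems:
        raise ValueError("; ".join(problems))
    return template.replace(PLACEHOLDER, escape_value(uid))


if __name__ == "__main__":
    tmpl = "(&(objectClass=posixAccount)(uid=<UID>))"  # filter from step 5
    for uid in ("alice", "a*", "j(doe)"):  # constructed sample login names
        print("%-8s -> %s" % (uid, render(tmpl, uid)))
```

The rendered string can be tested against the directory with an LDAP client before the filter is committed on the node.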