Asset ID: 1-71-2026778.1
Update Date: 2018-05-02
Solution Type: Technical Instruction Sure
Solution 2026778.1: Oracle ZFS Storage Appliance: Specifying Multiple DNs (Distinguished Names) in the ZFS-SA LDAP Configuration
Related Items:
- Sun ZFS Storage 7320
- Sun Storage 7210 Unified Storage System
- Oracle ZFS Storage ZS3-BA
- Oracle ZFS Storage ZS3-2
- Sun Storage 7410 Unified Storage System
- Oracle ZFS Storage ZS3-4
- Sun ZFS Storage 7420
- Oracle ZFS Storage ZS4-4
- Sun Storage 7310 Unified Storage System
- Sun Storage 7110 Unified Storage System
- Sun ZFS Storage 7120
Created from <SR 3-10712808421>
Applies to:
Oracle ZFS Storage ZS4-4 - Version All Versions to All Versions [Release All Releases]
Sun Storage 7110 Unified Storage System - Version All Versions to All Versions [Release All Releases]
Sun Storage 7210 Unified Storage System - Version All Versions to All Versions [Release All Releases]
Sun Storage 7310 Unified Storage System - Version All Versions to All Versions [Release All Releases]
Sun Storage 7410 Unified Storage System - Version All Versions to All Versions [Release All Releases]
7000 Appliance OS (Fishworks)
Goal
There may be a requirement for LDAP to search multiple DNs under the base DN in an LDAP schema.
In the following example, a user DN of 'OU=Admins,DC=example,DC=org' is specified via 'user_search':
appliance_head:> configuration services ldap show
Properties:
<status> = online
default_servers = server.example.org:636
proxy_dn = CN=ldap-zfssa,OU=srv-app-accts,DC=example,DC=org
proxy_password = ***********
base_dn = DC=example,DC=org
search_scope = sub
cred_level = proxy
auth_method = simple
use_tls = true
user_search = OU=Admins,DC=example,DC=org
user_mapattr = homeDirectory=unixHomeDirectory,gecos=displayName,userPassword=unixUserPassword,uid=sAMAccountName
user_mapobjclass = posixAccount=user,shadowAccount=person
group_search = OU=unix,DC=example,DC=org
group_mapattr =
group_mapobjclass = posixGroup=group
netgroup_search =
netgroup_mapattr =
netgroup_mapobjclass =
..................
The configuration above searches only the 'Admins' OU. What if the search must also include other OUs?
Solution
To have LDAP search multiple OUs, specify more than one DN in 'user_search', separating each DN with a semicolon, as follows:
appliance_head:> configuration services ldap show
Properties:
<status> = online
default_servers = server.example.org:636
proxy_dn = CN=ldap-zfssa,OU=srv-app-accts,DC=example,DC=org
proxy_password = ***********
base_dn = DC=example,DC=org
search_scope = sub
cred_level = proxy
auth_method = simple
use_tls = true
user_search = OU=Admins,DC=example,DC=org; OU=Contractors,DC=example,DC=org; OU=Temps,DC=example,DC=org
user_mapattr = homeDirectory=unixHomeDirectory,gecos=displayName,userPassword=unixUserPassword,uid=sAMAccountName
user_mapobjclass = posixAccount=user,shadowAccount=person
group_search = OU=unix,DC=example,DC=org
group_mapattr =
group_mapobjclass = posixGroup=group
netgroup_search =
netgroup_mapattr =
netgroup_mapobjclass =
..................
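A pre-change check for the semicolon-separated value, as an added example that is not part of the original Oracle note: it splits the list the way the note writes it, confirms each DN sits under base_dn, and flags entries that duplicate or nest inside another entry. The function names are hypothetical, DNs are assumed to contain no escaped commas or semicolons, and the nesting check assumes search_scope = sub applies to every listed DN.

```python
# Added example (not appliance code): sanity-check a semicolon-separated
# search list such as the user_search value shown above.
# Assumption: DNs contain no escaped ',' or ';' and compare case-insensitively.

def rdns(dn):
    """Split a DN into normalized RDNs (lower-cased, whitespace-trimmed)."""
    return tuple(p.strip().lower() for p in dn.split(",") if p.strip())

def is_under(child, parent):
    """True if child equals parent or sits below it in the directory tree."""
    c, p = rdns(child), rdns(parent)
    return len(c) >= len(p) and (not p or c[-len(p):] == p)

def check_search_list(value, base_dn):
    """Return (entries, problems) for a semicolon-separated DN list."""
    entries = [e.strip() for e in value.split(";") if e.strip()]
    problems, seen = [], []
    for dn in entries:
        if not is_under(dn, base_dn):
            problems.append(f"{dn}: not under base_dn {base_dn}")
        for earlier in seen:
            if rdns(dn) == rdns(earlier):
                problems.append(f"{dn}: listed twice")
            elif is_under(dn, earlier):
                # Assumes subtree scope: the parent entry already covers it.
                problems.append(f"{dn}: already covered by {earlier}")
            elif is_under(earlier, dn):
                problems.append(f"{earlier}: already covered by {dn}")
        seen.append(dn)
    return entries, problems

BASE_DN = "DC=example,DC=org"
# Value taken from the configuration listing above.
PAGE_VALUE = ("OU=Admins,DC=example,DC=org; OU=Contractors,DC=example,DC=org; "
              "OU=Temps,DC=example,DC=org")
# Constructed value with two mistakes: a nested OU and a DN outside base_dn.
BAD_VALUE = ("OU=Admins,DC=example,DC=org; OU=Temps,OU=Admins,DC=example,DC=org; "
             "OU=Staff,DC=example,DC=com")

if __name__ == "__main__":
    for label, value in (("page", PAGE_VALUE), ("constructed", BAD_VALUE)):
        entries, problems = check_search_list(value, BASE_DN)
        print(f"{label}: {len(entries)} search DNs")
        for p in problems:
            print("  WARNING:", p)
```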