
Enabling LDAP or NIS account access

You can use the security login create command to enable LDAP or NIS user accounts to access an admin or data SVM. If you have not configured LDAP or NIS server access to the SVM, you must do so before the account can access the SVM.

Before you begin

You must be a cluster administrator to perform this task.

About this task

  • Group accounts are not supported.

  • You must configure LDAP or NIS server access to the SVM before the account can access the SVM.

    Refer to Configuring LDAP or NIS server access.

    You can perform this task before or after you enable account access.

  • If you are unsure of the access control role that you want to assign to the login account, you can use the security login modify command to add the role later.

    Refer to Modifying the role assigned to an administrator.

  • Beginning with ONTAP 9.4, multifactor authentication (MFA) is supported for remote users over LDAP or NIS servers.

  1. Enable LDAP or NIS user or group accounts to access an SVM:

    security login create -vserver SVM_name -user-or-group-name user_name -application application -authmethod nsswitch -role role -comment comment -is-ns-switch-group yes|no

    For complete command syntax, see the worksheet Creating or modifying login accounts.

    Example

    The following command enables the LDAP or NIS cluster administrator account guest2 with the predefined backup role to access the admin SVM engCluster.

    cluster1::>security login create -vserver engCluster -user-or-group-name guest2 -application ssh -authmethod nsswitch -role backup

  2. Enable MFA login for LDAP or NIS users:

    security login modify -user-or-group-name rem_usr1 -application ssh -authentication-method nsswitch -role admin -is-ns-switch-group no -second-authentication-method publickey

    The authentication method can be specified as publickey and the second authentication method as nsswitch.

    Example

    The following example shows MFA being enabled:

    cluster-1::*> security login modify -user-or-group-name rem_usr2 -application ssh -authentication-method nsswitch -vserver cluster-1 -second-authentication-method publickey

After you finish

If you have not configured LDAP or NIS server access to the SVM, you must do so before the account can access the SVM.

Refer to Configuring LDAP or NIS server access.