CLI: LDAP
You can use the ldap command to configure the Exinda appliance to authenticate user login attempts with a remote LDAP (including Active Directory) server.
ldap {base-dn|bind-dn|bind-password|group-attribute|group-dn|host|login-attribute|port|referrals|scope|ssl|timeout-bind|timeout-search|version}
To configure the LDAP user search base:
ldap base-dn <string>
To configure the distinguished name (DN) to bind to the server:
ldap bind-dn <string>
To specify the password for binding to the server:
ldap bind-password <string>
To specify the name of the group membership attribute:
ldap group-attribute {<string>|member|uniqueMember}
group-attribute <string>
- Specify a custom attribute name
group-attribute member
- groupOfNames group membership attribute
group-attribute uniqueMember
- groupOfUniqueNames membership attribute
To specify the distinguished name of the group required for authentication:
ldap group-dn <string>
To specify the hostname or IP address of the LDAP server:
ldap host <hostname or IP address>
host <hostname or IP address>
- IPv4 and IPv6 addresses can be used.
To specify the attribute that contains the login name:
ldap login-attribute {<string>|uid|sAMAccountName}
login-attribute <string>
- Specify a custom attribute name
login-attribute uid
- LDAP login name
login-attribute sAMAccountName
- Active Directory login name
To specify the port of the LDAP server:
ldap port
To enable LDAP referrals:
ldap referrals
To specify the scope of the LDAP search:
ldap scope {one-level|subtree}
scope one-level
- Search only the object's immediate children
scope subtree
- Search all descendants
To configure the SSL and TLS settings:
ldap ssl {cert-verify|mode {none|ssl|tls}|ssl-port}
ssl cert-verify
- Enable LDAP SSL/TLS certificate verification
ssl mode none
- Do not use SSL or TLS to secure LDAP
ssl mode ssl
- Secure LDAP using SSL over the SSL port
ssl mode tls
- Secure LDAP using TLS over the default server port
ssl ssl-port <port>
- Set the LDAP SSL port number
To specify the number of seconds before LDAP times out for binding to a server:
ldap timeout-bind <seconds>
To specify the number of seconds before a search for user information on the LDAP server times out:
ldap timeout-search <seconds>
To configure the version of LDAP that is supported:
ldap version {2|3}
version 2
- LDAP version 2 and earlier
version 3
- LDAP version 3 and current LDAP/Active Directory servers
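The ssl and version settings above determine whether login credentials are protected on the way to the LDAP server. The following is an added example, not Exinda code: a small Python check that reads ldap command lines in the syntax shown on this page and reports weak transport settings. It assumes a setting that never appears is not enabled; the function names, sample hosts and DNs are constructed for illustration.

```python
# Added example (not vendor code): audit "ldap ..." lines in the syntax shown on this page.
# Assumption: a setting that never appears in the text is treated as not enabled.

def audit_ldap_config(text):
    """Return a list of (code, message) findings about LDAP transport security."""
    mode, cert_verify, version = None, False, None
    for raw in text.splitlines():
        tok = raw.split()
        if len(tok) < 2 or tok[0] != "ldap":
            continue  # blank lines and unrelated commands
        args = tok[1:]
        if args[:2] == ["ssl", "mode"] and len(args) == 3:
            mode = args[2]
        elif args == ["ssl", "cert-verify"]:
            cert_verify = True
        elif args[0] == "version" and len(args) == 2:
            version = args[1]

    findings = []
    if mode not in ("ssl", "tls"):
        findings.append(("cleartext", "ssl mode is none or unset: credentials sent "
                         "to the LDAP server are not encrypted in transit"))
    elif not cert_verify:
        findings.append(("no-cert-verify", "ssl mode %s without ssl cert-verify: the "
                         "session is encrypted but the server is not authenticated" % mode))
    if version == "2" and mode == "tls":
        findings.append(("v2-starttls", "ssl mode tls relies on StartTLS, an LDAPv3 "
                         "extended operation, so it conflicts with version 2"))
    elif version == "2":
        findings.append(("ldapv2", "LDAPv2 is a retired protocol version (RFC 3494)"))
    return findings

def codes(text):
    """Finding codes only, in the order they were raised."""
    return [code for code, _ in audit_ldap_config(text)]

# Constructed sample configurations (hosts and DNs are placeholders).
WEAK = """ldap host 192.0.2.10
ldap bind-dn cn=svc-exinda,dc=example,dc=com
ldap ssl mode none
ldap version 2
"""
HARDENED = """ldap host ldap.example.com
ldap bind-dn cn=svc-exinda,dc=example,dc=com
ldap ssl mode tls
ldap ssl cert-verify
ldap version 3
"""
if __name__ == "__main__":
    for name, cfg in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit_ldap_config(cfg) or "no findings")
```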