CLI: LDAP

You can use the ldap command to configure the Exinda appliance to authenticate user login attempts with a remote LDAP (including Active Directory) server.

ldap {base-dn|bind-dn|bind-password|group-attribute|group-dn|host|login-attribute|port|referrals|scope|ssl|timeout-bind|timeout-search|version}

To configure the LDAP user search base:

ldap base-dn <string>

To configure the distinguished name (DN) to bind to the server:

ldap bind-dn <string>

To specify the password for binding to the server:

ldap bind-password <string>

To specify the name of the group membership attribute:

ldap group-attribute {<string>|member|uniqueMember}

  • group-attribute <string> - Specify a custom attribute name
  • group-attribute member - groupOfNames membership attribute
  • group-attribute uniqueMember - groupOfUniqueNames membership attribute

To specify the distinguished name of the group required for authentication:

ldap group-dn <string>

To specify the hostname or IP address of the LDAP server:

ldap host <hostname or IP address>

  • host <hostname or IP address> - IPv4 and IPv6 addresses can be used.

To specify the attribute that contains the login name:

ldap login-attribute {<string>|uid|sAMAccountName}

  • login-attribute <string> - Specify a custom attribute name
  • login-attribute uid - LDAP login name
  • login-attribute sAMAccountName - Active Directory login name

To specify the port of the LDAP server:

ldap port

To enable LDAP referrals:

ldap referrals

To specify the scope of the LDAP search:

ldap scope {one-level|subtree}

  • scope one-level - Search only the object's immediate children
  • scope subtree - Search all descendants

To configure the SSL and TLS settings:

ldap ssl {cert-verify|mode {none|ssl|tls}|ssl-port}

  • ssl cert-verify - Enable LDAP SSL/TLS certificate verification
  • ssl mode none - Do not use SSL or TLS to secure LDAP
  • ssl mode ssl - Secure LDAP using SSL over the SSL port
  • ssl mode tls - Secure LDAP using TLS over the default server port
  • ssl ssl-port <port> - Set the LDAP SSL port number

To specify the number of seconds before LDAP times out for binding to a server:

ldap timeout-bind <seconds>

To specify the number of seconds before a search for user information on the LDAP server times out:

ldap timeout-search <seconds>

To configure the version of LDAP that is supported:

ldap version {2|3}

  • version 2 - LDAP version 2 and earlier
  • version 3 - LDAP version 3 and current LDAP/Active Directory servers
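
The following Python script is an added example, not part of the Exinda documentation or product: it checks a list of ldap commands, written in the syntax above, for weak choices in the ssl, version and group-dn settings. The sample lines and their values are constructed, and the handling of missing settings (no ssl mode line is treated as none, no group-dn line as no group requirement) is an assumption, not documented appliance behaviour.

```python
import shlex

# Constructed sample: ldap commands in the syntax documented on this page.
# Host names, DNs and the account name are made up for illustration.
SAMPLE = """\
ldap host ldap.example.test
ldap base-dn dc=example,dc=test
ldap bind-dn cn=svc-exinda,ou=service,dc=example,dc=test
ldap login-attribute sAMAccountName
ldap group-attribute member
ldap scope subtree
ldap ssl mode tls
ldap version 2
"""

def parse_ldap_lines(text):
    """Return {subcommand: [argument lists]} for every 'ldap ...' line."""
    settings = {}
    for line in text.splitlines():
        words = shlex.split(line)
        if len(words) >= 2 and words[0] == "ldap":
            settings.setdefault(words[1], []).append(words[2:])
    return settings

def audit(text):
    """Return a sorted list of finding codes for the given ldap lines."""
    s = parse_ldap_lines(text)
    ssl_args = s.get("ssl", [])
    # Assumption: the last 'ssl mode' line wins; a missing one means 'none'.
    modes = [a[1] for a in ssl_args if len(a) == 2 and a[0] == "mode"]
    mode = modes[-1] if modes else "none"
    findings = []
    if mode == "none":
        # Bind password and user logins cross the network unprotected.
        findings.append("NO_TRANSPORT_SECURITY")
    elif ["cert-verify"] not in ssl_args:
        # Traffic is encrypted but the server certificate is not checked.
        findings.append("CERT_NOT_VERIFIED")
    versions = s.get("version", [])
    if versions and versions[-1] == ["2"]:
        findings.append("LDAP_V2")
    # Assumption: without group-dn, no group membership is required to log in.
    if "group-dn" not in s:
        findings.append("NO_GROUP_RESTRICTION")
    return sorted(findings)

if __name__ == "__main__":
    print(audit(SAMPLE))
```
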