LDAP
ldap base-dn <string> Sets the base distinguished name (location) of the user information in the schema of the LDAP server. |
||
Syntax Description |
string |
A case-sensitive string that specifies the location in the LDAP hierarchy where the server should begin searching when it receives an authorization request.
|
Default |
ou=users,dc=example,dc=com |
|
Configuration Mode |
config |
|
History |
1.5 |
|
Example |
|
|
Related Commands |
show ldap |
|
Notes |
ldap {bind-dn | bind-password} <string> Gives the distinguished name or password to bind to on the LDAP server. This can be left empty for anonymous login (the default). |
||
Syntax Description |
string |
A case-sensitive string that specifies the distinguished name or password to bind to on the LDAP server. |
Default |
"" |
|
Configuration Mode |
config |
|
History |
1.5 |
|
Example |
|
|
Related Commands |
show ldap |
|
Notes |
For anonymous login, bind-dn and bind-password should both be empty strings (""). |
ldap {group-attribute {<group-att> | member | uniqueMember} | group-dn <group-dn>} Sets the distinguished name or attribute name of a group on the LDAP server. |
||
Syntax Description |
group-attribute |
Specifies a custom attribute name |
member |
groupOfNames or group membership attribute |
|
uniqueMember |
groupOfUniqueNames membership attribute |
|
group-dn |
DN of group required for authorization |
|
Default |
group-att: member |
|
Configuration Mode |
config |
|
History |
1.5 |
|
Example |
|
|
Related Commands |
show ldap |
|
Notes |
|
ldap host <ip-address> [order <number> last] Adds an LDAP server to the set of servers used for authentication. |
||
Syntax Description |
ip-address |
IP address |
number |
The order of the LDAP server |
|
last |
The LDAP server will be added in the last location |
|
Default |
N/A |
|
Configuration Mode |
config |
|
History |
1.5 |
|
Example |
|
|
Related Commands |
show aaa |
|
Notes |
|
ldap login-attribute {<string> | uid | sAMAccountName} Sets the attribute name which contains the login name of the user. |
||
Syntax Description |
string |
Custom attribute name |
uid |
LDAP login name is taken from the user login username |
|
sAMAccountName |
SAM account name, the Active Directory login name |
|
Default |
N/A |
|
Configuration Mode |
config |
|
History |
1.5 |
|
Example |
|
|
Related Commands |
show aaa |
|
Notes |
ldap port <port> Sets the TCP port on the LDAP server to connect to for authentication. |
||
Syntax Description |
port |
TCP port number |
Default |
389 |
|
Configuration Mode |
config |
|
History |
1.5 |
|
Example |
|
|
Related Commands |
show aaa |
|
Notes |
ldap referrals Enables LDAP referrals. |
||
Syntax Description |
N/A |
|
Default |
Enabled |
|
Configuration Mode |
config |
|
History |
1.5 |
|
Example |
|
|
Related Commands |
show aaa |
|
Notes |
Referral is the process by which an LDAP server, instead of returning a result, will return a referral (a reference) to another LDAP server which may contain further information. |
ldap scope <scope> Specifies the extent of the search in the LDAP hierarchy that the server should make when it receives an authorization request. |
||
Syntax Description |
scope |
|
Default |
subtree |
|
Configuration Mode |
config |
|
History |
1.5 |
|
Example |
|
|
Related Commands |
show aaa |
|
Notes |
ldap ssl {cert-verify | mode <mode> | port <port-number>} Sets SSL parameters for LDAP. |
||
Syntax Description |
cert-verify |
Enables verification of SSL/TLS server certificates. Disabling verification may be required if the server's certificate is self-signed or does not match the name of the server. |
mode |
Sets the security mode for connections to the LDAP server.
|
|
port |
Sets the port on the LDAP server to connect to for authentication when the SSL security mode is enabled (LDAP over SSL) |
|
Default |
cert-verify is enabled |
|
Configuration Mode |
config |
|
History |
1.5 |
|
Example |
|
|
Related Commands |
show aaa |
|
Notes |
|
ldap {timeout-bind | timeout-search} <seconds> Sets a global communication timeout in seconds for all LDAP servers. |
||
Syntax Description |
timeout-bind |
Sets the global LDAP bind timeout for all LDAP servers |
timeout-search |
Sets the global LDAP search timeout for all LDAP servers |
|
seconds |
Range: 1-60 |
|
Default |
5 seconds |
|
Configuration Mode |
config |
|
History |
1.5 |
|
Example |
|
|
Related Commands |
show aaa |
|
Notes |
ldap version <version> Sets the LDAP version. |
||
Syntax Description |
version |
Sets the LDAP version. Possible values: 2 or 3. |
Default |
3 |
|
Configuration Mode |
config |
|
History |
1.5 |
|
Example |
|
|
Related Commands |
show aaa |
|
Notes |
show ldap Displays LDAP configurations. |
||
Syntax Description |
N/A |
|
Default |
N/A |
|
Configuration Mode |
Any configuration mode |
|
History |
1.5 |
|
Example |
|
|
Related Commands |
show aaa |
|
Notes |