Date: 2024-01-05
LDAP
|
ldap base-dn <string>
no ldap base-dn
Sets the base distinguished name (location) of the user information in the schema of the LDAP server.
The no form of the command resets the attribute to its default values.
|
Syntax Description
|
string
|
A case-sensitive string that specifies the location in the LDAP hierarchy where the server should begin searching when it receives an authorization request.
For example: "ou=users,dc=example,dc=com", with no spaces.
Where:
|
Default
|
ou=users,dc=example,dc=com
|
Configuration Mode
|
config
|
History
|
1.5
|
Example
|
|
Related Commands
|
show ldap
|
Notes
|
ldap {bind-dn | bind-password} <string>
no ldap {bind-dn | bind-password}
Sets the distinguished name or password used to bind to the LDAP server. This can be left empty for anonymous login (the default).
The no form of the command resets the attribute to its default values.
|
Syntax Description
|
string
|
A case-sensitive string that specifies the distinguished name or password to bind to on the LDAP server.
|
Default
|
""
|
Configuration Mode
|
config
|
History
|
1.5
|
Example
|
|
Related Commands
|
show ldap
|
Notes
|
For anonymous login, bind-dn and bind-password should be empty strings ("").
|
ldap {group-attribute {<group-att> | member | uniqueMember} | group-dn <group-dn>}
no ldap {group-attribute | group-dn}
Sets the distinguished name or attribute name of a group on the LDAP server.
The no form of the command resets the attribute to its default values.
|
Syntax Description
|
group-attribute
|
Specifies a custom attribute name
|
member
|
groupOfNames or group membership attribute
|
uniqueMember
|
groupOfUniqueNames membership attribute
|
group-dn
|
DN of group required for authorization
|
Default
|
group-att: member
group-dn: ""
|
Configuration Mode
|
config
|
History
|
1.5
|
Example
|
|
Related Commands
|
show ldap
|
Notes
|
|
ldap host <ip-address> [order <number> last]
no ldap host <ip-address>
Adds an LDAP server to the set of servers used for authentication.
The no form of the command deletes the LDAP host.
|
Syntax Description
|
ip-address
|
IP address
|
number
|
The order of the LDAP server
|
last
|
The LDAP server will be added in the last location
|
Default
|
N/A
|
Configuration Mode
|
config
|
History
|
1.5
|
Example
|
|
Related Commands
|
show aaa
show ldap
|
Notes
|
|
ldap login-attribute {<string> | uid | sAMAccountName}
no ldap login-attribute
Sets the attribute name which contains the login name of the user.
The no form of the command resets this attribute to its default.
|
Syntax Description
|
string
|
Custom attribute name
|
uid
|
LDAP login name is taken from the user login username
|
sAMAccountName
|
SAM account name, the Active Directory login name
|
Default
|
N/A
|
Configuration Mode
|
config
|
History
|
1.5
|
Example
|
|
Related Commands
|
show aaa
show ldap
|
Notes
|
ldap port <port>
no ldap port
Sets the TCP port on the LDAP server to connect to for authentication.
The no form of the command resets this attribute to its default value.
|
Syntax Description
|
port
|
TCP port number
|
Default
|
389
|
Configuration Mode
|
config
|
History
|
1.5
|
Example
|
|
Related Commands
|
show aaa
show ldap
|
Notes
|
ldap referrals
no ldap referrals
Enables LDAP referrals.
The no form of the command disables LDAP referrals.
|
Syntax Description
|
N/A
|
Default
|
Enabled
|
Configuration Mode
|
config
|
History
|
1.5
|
Example
|
|
Related Commands
|
show aaa
show ldap
|
Notes
|
Referral is the process by which an LDAP server, instead of returning a result, will return a referral (a reference) to another LDAP server which may contain further information.
|
ldap scope <scope>
no ldap scope
Specifies the extent of the search in the LDAP hierarchy that the server should make when it receives an authorization request.
The no form of the command resets the attribute to its default value.
|
Syntax Description
|
scope
|
|
Default
|
subtree
|
Configuration Mode
|
config
|
History
|
1.5
|
Example
|
|
Related Commands
|
show aaa
show ldap
|
Notes
|
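How base-dn, scope, login-attribute, group-attribute and group-dn can combine in one authorization lookup, as an added Python example that is not vendor code. It assumes a two-step flow (find the user entry, then check group membership), the standard LDAP scope names, and a constructed in-memory directory; `login_filter`, `in_scope` and `authorize` are hypothetical names.

```python
# Added example. Constructed directory data: DN -> attributes.
DIRECTORY = {
    "uid=alice,ou=users,dc=example,dc=com": {"uid": ["alice"]},
    "uid=bob,ou=lab,ou=users,dc=example,dc=com": {"uid": ["bob"]},
    "cn=netadmins,ou=groups,dc=example,dc=com": {
        "member": ["uid=alice,ou=users,dc=example,dc=com"]},
}

def login_filter(login_attribute, username):
    """Equality filter with RFC 4515 escaping of the user-supplied value."""
    special = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}
    return "(%s=%s)" % (login_attribute,
                        "".join(special.get(ch, ch) for ch in username))

def in_scope(dn, base_dn, scope):
    """Standard LDAP scopes; assumes DNs without escaped commas."""
    dn, base_dn = dn.lower(), base_dn.lower()
    if dn == base_dn:
        return scope in ("base", "subtree")
    if not dn.endswith("," + base_dn):
        return False
    depth = dn[: -len(base_dn) - 1].count(",") + 1   # levels below base-dn
    return scope == "subtree" or (scope == "one-level" and depth == 1)

def authorize(username, cfg, directory=DIRECTORY):
    """Return the user's DN if the lookup and group check pass, else None."""
    hits = [dn for dn, attrs in directory.items()
            if in_scope(dn, cfg["base-dn"], cfg["scope"])
            and username in attrs.get(cfg["login-attribute"], [])]
    if len(hits) != 1:            # no entry, or ambiguous match: deny
        return None
    user_dn = hits[0]
    if cfg["group-dn"]:           # assumption: empty group-dn means no group check
        group = directory.get(cfg["group-dn"], {})
        if user_dn not in group.get(cfg["group-attribute"], []):
            return None
    return user_dn

# Values mirror the defaults listed on this page; login-attribute uid is chosen.
CFG = {"base-dn": "ou=users,dc=example,dc=com", "scope": "subtree",
       "login-attribute": "uid", "group-attribute": "member", "group-dn": ""}
```

With the default empty group-dn, every entry found under base-dn passes; setting group-dn to the `netadmins` entry restricts access to its members.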
ldap ssl {cert-verify | mode <mode> | port <port-number>}
no ldap ssl {cert-verify | mode | port}
Sets SSL parameters for LDAP.
The no form of the command resets the attribute to its default value.
|
Syntax Description
|
cert-verify
|
Enables verification of SSL/TLS server certificates. This may be required if the server's certificate is self-signed, or does not match the name of the server.
|
mode
|
Sets the security mode for connections to the LDAP server.
|
port
|
Sets the port on the LDAP server to connect to for authentication when the SSL security mode is enabled (LDAP over SSL).
|
Default
|
cert-verify is enabled
mode is none (LDAP SSL is not activated)
port-number is 636
|
Configuration Mode
|
config
|
History
|
1.5
|
Example
|
|
Related Commands
|
show aaa
show ldap
|
Notes
|
|
ldap {timeout-bind | timeout-search} <seconds>
no ldap {timeout-bind | timeout-search}
Sets a global communication timeout, in seconds, for all LDAP servers, for either the bind or the search operation.
The no form of the command resets the attribute to its default value.
|
Syntax Description
|
timeout-bind
|
Sets the global LDAP bind timeout for all LDAP servers
|
timeout-search
|
Sets the global LDAP search timeout for all LDAP servers
|
seconds
|
Range: 1-60
|
Default
|
5 seconds
|
Configuration Mode
|
config
|
History
|
1.5
|
Example
|
|
Related Commands
|
show aaa
show ldap
|
Notes
|
ldap version <version>
no ldap version
Sets the LDAP version.
The no form of the command resets the attribute to its default value.
|
Syntax Description
|
version
|
Sets the LDAP version. Possible values: 2 or 3.
|
Default
|
3
|
Configuration Mode
|
config
|
History
|
1.5
|
Example
|
|
Related Commands
|
show aaa
show ldap
|
Notes
|
show ldap
Displays LDAP configurations.
|
Syntax Description
|
N/A
|
Default
|
N/A
|
Configuration Mode
|
Any configuration mode
|
History
|
1.5
|
Example
|
|
Related Commands
|
show aaa
show ldap
|
Notes
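A configuration check built on the commands and defaults listed on this page, as an added Python example that is not vendor code. It replays `ldap ...` and `no ldap ...` lines over the documented defaults and reports settings worth reviewing. The function names, the sample configurations, the mode value `ssl` and the reading of an empty group-dn as "no group required" are assumptions.

```python
# Defaults exactly as listed on this page.
DEFAULTS = {"bind-dn": "", "group-dn": "", "port": "389", "referrals": "enabled",
            "ssl cert-verify": "enabled", "ssl mode": "none", "version": "3"}
FLAGS = {"referrals", "ssl cert-verify"}       # toggled by the bare / no form

def parse(config_text):
    """Apply 'ldap ...' and 'no ldap ...' lines on top of the defaults."""
    state = dict(DEFAULTS)
    for line in config_text.splitlines():
        words = line.split()
        negate = words[:1] == ["no"]
        if negate:
            words = words[1:]
        if words[:1] != ["ldap"]:
            continue
        rest = " ".join(words[1:])
        for key in DEFAULTS:
            if rest == key or rest.startswith(key + " "):
                if key in FLAGS:
                    state[key] = "disabled" if negate else "enabled"
                elif negate:
                    state[key] = DEFAULTS[key]
                else:
                    state[key] = rest[len(key):].strip().strip('"')
    return state

def audit(config_text):
    """Return (setting, reason) pairs for LDAP client settings to review."""
    s = parse(config_text)
    checks = [
        ("ssl mode", s["ssl mode"] == "none",
         "LDAP SSL not activated: binds go in cleartext to port " + s["port"]),
        ("ssl cert-verify", s["ssl cert-verify"] == "disabled",
         "server certificate is not verified"),
        ("bind-dn", s["bind-dn"] == "", "anonymous bind is used for lookups"),
        ("referrals", s["referrals"] == "enabled",
         "client may follow referrals to other LDAP servers"),
        ("version", s["version"] == "2", "LDAP version 2 selected"),
        ("group-dn", s["group-dn"] == "", "no group is required for authorization"),
    ]
    return [(name, reason) for name, hit, reason in checks if hit]

# Constructed configurations; the mode value "ssl" is an assumption,
# the page itself lists only "none".
FACTORY = ""
HARDENED = """\
ldap bind-dn cn=switch-svc,ou=services,dc=example,dc=com
ldap group-dn cn=netadmins,ou=groups,dc=example,dc=com
ldap ssl mode ssl
no ldap referrals
"""
```

`audit(FACTORY)` flags four of the documented defaults, and `audit(HARDENED)` returns an empty list.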