LDAP
ldap base-dn <string>
no ldap base-dn
Sets the base distinguished name (location) of the user information in the schema of the LDAP server.
The no form of the command resets the attribute to its default values.
Syntax Description
string
A case-sensitive string that specifies the location in the LDAP hierarchy where the server should begin searching when it receives an authorization request.
For example: "ou=users,dc=example,dc=com", with no spaces.
Where:
Default
ou=users,dc=example,dc=com
Configuration Mode
config
History
1.5
Example
Related Commands
show ldap
Notes
ldap {bind-dn | bind-password} <string>
no ldap {bind-dn | bind-password}
Gives the distinguished name or password to bind to on the LDAP server. This can be left empty for anonymous login (the default).
The no form of the command resets the attribute to its default values.
Syntax Description
string
A case-sensitive string that specifies the distinguished name or password used to bind to the LDAP server.
Default
""
Configuration Mode
config
History
1.5
Example
Related Commands
show ldap
Notes
For anonymous login, bind-dn and bind-password should be empty strings "".
ldap {group-attribute {<group-att> | member | uniqueMember} | group-dn <group-dn>}
no ldap {group-attribute | group-dn}
Sets the distinguished name or attribute name of a group on the LDAP server.
The no form of the command resets the attribute to its default values.
Syntax Description
group-attribute
Specifies a custom attribute name
member
groupOfNames or group membership attribute
uniqueMember
groupOfUniqueNames membership attribute
group-dn
DN of group required for authorization
Default
group-att: member
group-dn: ""
Configuration Mode
config
History
1.5
Example
Related Commands
show ldap
Notes
ldap host <ip-address> [order <number> last]
no ldap host <ip-address>
Adds an LDAP server to the set of servers used for authentication.
The no form of the command deletes the LDAP host.
Syntax Description
ip-address
IP address
number
The order of the LDAP server
last
The LDAP server will be added in the last location
Default
N/A
Configuration Mode
config
History
1.5
Example
Related Commands
show aaa
show ldap
Notes
ldap login-attribute {<string> | uid | sAMAccountName}
no ldap login-attribute
Sets the attribute name which contains the login name of the user.
The no form of the command resets this attribute to its default.
Syntax Description
string
Custom attribute name
uid
The LDAP login name is taken from the user's login username (the uid attribute).
sAMAccountName
SAM account name (the Active Directory login name).
Default
N/A
Configuration Mode
config
History
1.5
Example
Related Commands
show aaa
show ldap
Notes
ldap port <port>
no ldap port
Sets the TCP port on the LDAP server to connect to for authentication.
The no form of the command resets this attribute to its default value.
Syntax Description
port
TCP port number
Default
389
Configuration Mode
config
History
1.5
Example
Related Commands
show aaa
show ldap
Notes
ldap referrals
no ldap referrals
Enables LDAP referrals.
The no form of the command disables LDAP referrals.
Syntax Description
N/A
Default
Enabled
Configuration Mode
config
History
1.5
Example
Related Commands
show aaa
show ldap
Notes
Referral is the process by which an LDAP server, instead of returning a result, will return a referral (a reference) to another LDAP server which may contain further information.
ldap scope <scope>
no ldap scope
Specifies the extent of the search in the LDAP hierarchy that the server should make when it receives an authorization request.
The no form of the command resets the attribute to its default value.
Syntax Description
scope
Default
subtree
Configuration Mode
config
History
1.5
Example
Related Commands
show aaa
show ldap
Notes
ldap ssl {cert-verify | mode <mode> | port <port-number>}
no ldap ssl {cert-verify | mode | port}
Sets SSL parameter for LDAP.
The no form of the command resets the attribute to its default value.
Syntax Description
cert-verify
Enables verification of SSL/TLS server certificates. This may be required if the server's certificate is self-signed, or does not match the name of the server.
mode
Sets the security mode for connections to the LDAP server.
port
Sets the port on the LDAP server to connect to for authentication when the SSL security mode is enabled (LDAP over SSL).
Default
cert-verify is enabled
mode is none (LDAP SSL is not activated)
port-number is 636
Configuration Mode
config
History
1.5
Example
Related Commands
show aaa
show ldap
Notes
ldap {timeout-bind | timeout-search} <seconds>
no ldap {timeout-bind | timeout-search}
Sets a global communication timeout in seconds, for the bind or the search phase, that applies to all configured LDAP servers.
The no form of the command resets the attribute to its default value.
Syntax Description
timeout-bind
Sets the global LDAP bind timeout for all LDAP servers
timeout-search
Sets the global LDAP search timeout for all LDAP servers
seconds
Range: 1-60
Default
5 seconds
Configuration Mode
config
History
1.5
Example
Related Commands
show aaa
show ldap
Notes
ldap version <version>
no ldap version
Sets the LDAP version.
The no form of the command resets the attribute to its default value.
Syntax Description
version
Sets the LDAP version. Possible values: 2 or 3.
Default
3
Configuration Mode
config
History
1.5
Example
Related Commands
show aaa
show ldap
Notes
show ldap
Displays LDAP configurations.
Syntax Description
N/A
Default
N/A
Configuration Mode
Any configuration mode
History
1.5
Example
Related Commands
show aaa
show ldap
Notes
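Added example, not the vendor's code: a Python model of how the settings in this reference (host order, port, ssl mode and port, bind-dn, base-dn, scope, login-attribute, group-dn, group-attribute) combine into the lookup a device performs at login, including RFC 4515 escaping of the typed login name so it cannot rewrite the search filter. The dict keys, the mode name "ssl" for LDAP over SSL, and all configuration values are assumptions constructed for the example.

```python
# Added example, not the vendor's code: models how the LDAP settings above
# combine into one login lookup.  The dict keys and the mode name "ssl"
# (LDAP over SSL) are assumptions; the configuration values are constructed.

def escape_filter_value(value: str) -> str:
    """Escape characters with filter meaning (RFC 4515) so a typed login name
    such as '*)(uid=*' cannot widen or rewrite the user search filter."""
    return "".join("\\%02x" % ord(c) if c in "*()\\\x00" else c for c in value)

def effective_port(cfg: dict) -> int:
    """The ldap ssl port applies only while an SSL mode is active; else ldap port."""
    return cfg["ssl_port"] if cfg["ssl_mode"] != "none" else cfg["port"]

def bind_identity(cfg: dict) -> str:
    """Empty bind-dn and bind-password mean an anonymous bind (the page default)."""
    if cfg["bind_dn"] == "" and cfg["bind_password"] == "":
        return "anonymous"
    return cfg["bind_dn"]

def build_auth_plan(cfg: dict, login_name: str) -> dict:
    """Return the ordered steps the device would run for one login attempt."""
    # "ldap host <ip> order <n>": servers are tried in ascending order number
    hosts = [h for h, _ in sorted(cfg["hosts"], key=lambda x: x[1])]
    user_filter = "(%s=%s)" % (cfg["login_attribute"], escape_filter_value(login_name))
    plan = {
        "hosts": hosts,
        "port": effective_port(cfg),
        # cert-verify only has an effect once an SSL mode is active
        "cert_verify": cfg["ssl_mode"] != "none" and cfg["cert_verify"],
        "bind_as": bind_identity(cfg),
        "search": {"base": cfg["base_dn"], "scope": cfg["scope"], "filter": user_filter},
    }
    if cfg["group_dn"]:  # group-dn "" (the default) means no group authorization
        # the user DN returned by the search is substituted for {user_dn} at runtime
        plan["group_check"] = {"base": cfg["group_dn"],
                               "filter": "(%s={user_dn})" % cfg["group_attribute"]}
    return plan

# Constructed configuration mirroring the page's defaults, plus SSL and a group check.
EXAMPLE_CFG = {
    "hosts": [("192.0.2.20", 2), ("192.0.2.10", 1)], "port": 389,
    "ssl_mode": "ssl", "ssl_port": 636, "cert_verify": True,
    "bind_dn": "", "bind_password": "",
    "base_dn": "ou=users,dc=example,dc=com", "scope": "subtree",
    "login_attribute": "uid",
    "group_dn": "cn=netadmins,ou=groups,dc=example,dc=com", "group_attribute": "member",
}
```

Calling build_auth_plan(EXAMPLE_CFG, "alice") yields the host order, port 636, an anonymous bind, the search filter (uid=alice) under the base DN, and a member check against the group DN.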