config user ldap
Configure LDAP server entries.
config user ldap
Description: Configure LDAP server entries.
edit <name>
set server {string}
set secondary-server {string}
set tertiary-server {string}
set server-identity-check [enable|disable]
set source-ip {ipv4-address}
set cnid {string}
set dn {string}
set type [simple|anonymous|...]
set username {string}
set password {password}
set group-member-check [user-attr|group-object|...]
set group-search-base {string}
set group-object-filter {string}
set group-filter {string}
set secure [disable|starttls|...]
set ca-cert {string}
set port {integer}
set password-expiry-warning [enable|disable]
set password-renewal [enable|disable]
set member-attr {string}
set account-key-processing [same|strip]
set account-key-name {string}
next
end
config user ldap
|
Parameter |
Description |
Type |
Size |
|||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
name |
LDAP server entry name. |
string |
Maximum length: 35 |
|||||||||
|
server |
LDAP server CN domain name or IP. |
string |
Maximum length: 63 |
|||||||||
|
secondary-server |
Secondary LDAP server CN domain name or IP. |
string |
Maximum length: 63 |
|||||||||
|
tertiary-server |
Tertiary LDAP server CN domain name or IP. |
string |
Maximum length: 63 |
|||||||||
|
server-identity-check |
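Enable/disable LDAP server identity check (verify the server domain name/IP address against the server certificate). The check applies only when `secure` selects a TLS mode, since the server presents no certificate otherwise; with the check disabled, the name in the certificate is not compared with the configured server, so a certificate issued for a different host is not rejected on that basis. |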
option |
- |
|||||||||
|
|
|
|||||||||||
|
source-ip |
Source IP for communications to LDAP server. |
ipv4-address |
Not Specified |
|||||||||
|
cnid |
Common name identifier for the LDAP server. The common name identifier for most LDAP servers is "cn". |
string |
Maximum length: 20 |
|||||||||
|
dn |
Distinguished name used to look up entries on the LDAP server. |
string |
Maximum length: 511 |
|||||||||
|
type |
Authentication type for LDAP searches. |
option |
- |
|||||||||
|
|
|
|||||||||||
|
username |
Username (full DN) for initial binding. |
string |
Maximum length: 511 |
|||||||||
|
password |
Password for initial binding. |
password |
Not Specified |
|||||||||
|
group-member-check |
Group member checking methods. |
option |
- |
|||||||||
|
|
|
|||||||||||
|
group-search-base |
Search base used for group searching. |
string |
Maximum length: 511 |
|||||||||
|
group-object-filter |
Filter used for group searching. |
string |
Maximum length: 2047 |
|||||||||
|
group-filter |
Filter used for group matching. |
string |
Maximum length: 2047 |
|||||||||
|
secure |
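Security of the connection used for authentication (plain LDAP, STARTTLS or LDAPS), which also determines the kind of port the server must offer. With `disable`, the bind, including the password, is sent unencrypted. |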
option |
- |
|||||||||
|
|
|
|||||||||||
|
ca-cert |
Name of the CA certificate used to verify the LDAP server's certificate on a secure connection. |
string |
Maximum length: 63 |
|||||||||
|
port |
Port to be used for communication with the LDAP server. |
integer |
Minimum value: 1 Maximum value: 65535 |
|||||||||
|
password-expiry-warning |
Enable/disable password expiry warnings. |
option |
- |
|||||||||
|
|
|
|||||||||||
|
password-renewal |
Enable/disable online password renewal. |
option |
- |
|||||||||
|
|
|
|||||||||||
|
member-attr |
Name of attribute from which to get group membership. |
string |
Maximum length: 63 |
|||||||||
|
account-key-processing |
Account key processing operation: either keep (`same`) or strip (`strip`) the domain string of the UPN in the token. |
option |
- |
|||||||||
|
|
|
|||||||||||
|
account-key-name |
Account key name, using the UPN as the search filter. |
string |
Maximum length: 20 |
|||||||||