Use this parameter to configure the mode for the LDAP client.
% set oam ldapAuthentication ldapConfigurationMode <advanced | legacy>
Parameter | Length/Range | Description | Mandatory (M) |
---|---|---|---|
ldapConfigurationMode | N/A | The configuration mode for the LDAP client. | O |
set oam ldapAuthentication ldapConfigurationMode advanced
For more information on the "advanced" ldapConfigurationMode, refer to: Configuring SBC for External Centralized Authentication using LDAP.
LDAP Server
Use this parameter to configure information to communicate with one or more LDAP servers.
% set oam ldapAuthentication ldapServer <serverName> binddn <name> bindMethod <sasl | simple> groupNameAttribute <groupName, or empty string> ldapServerAddress <IPv4 address, IPv6 address, or FQDN> ldapServerPort <valid port> priority <1-25> saslMechanism <digest-md5 | plain> searchbase <base> state <disabled | enabled> transport <ldaps | tcp | tls>
% set oam ldapAuthentication ldapServer <serverName> binddn <name> bindMethod <sasl | simple> ldapServerAddress <IPv4, IPv6 or FQDN> ldapServerPort <valid port> priority <1-25> returnAttribute <1-255 characters> saslMechanism <digest-md5 | plain> searchFilter <1-255 characters> searchbase <1-255 characters> state <disabled | enabled> systemPassword <password> systemUsername <1-255 characters> transport <ldaps | tcp | tls>
set oam ldapAuthentication ldapServer ldap1 priority 1 transport tls binddn "ou=people,dc=example,dc=com" searchbase "dc=example,dc=com" ldapServerAddress 169.172.201.153 state enabled commit
set oam ldapAuthentication ldapServer ldap1 priority 1 state enabled bindMethod simple saslMechanism plain systemUsername CN=Administrator,CN=Users,DC=mdroot,DC=tst systemPassword xxxyyyzzz transport ldaps binddn "cn={0},CN=Users,dc=mdroot,dc=tst" searchbase CN=Builtin,DC=mdroot,DC=tst ldapServerAddress rdc1.mdroot.tst ldapServerPort 636 searchFilter (&(objectClass=group)(member=CN=Administrator,CN=Users,DC=mdroot,DC=tst)) returnAttribute cn commit
Use this parameter to configure a set of filters against predefined or custom groups to determine if the specified user is a member of those groups. Each filter is accessed in the order specified in the LDAP Filters table. If a filter returns at least one record, then the user is considered part of that group, and that group name is used.
% set oam ldapAuthentication ldapFilters filter <LDAP filter string> groupName <name of CLI group name to login to CLI> order <integer>
set oam ldapAuthentication ldapFilters order 1 groupName Administrator filter (&(uid=%%USERNAME%%)(accessLevel:=userAccessLevel1)) commit
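Added example, not the SBC's own code: a Python model of the ordered filter walk described above, using the page's %%USERNAME%% token and filter syntax against a constructed in-memory directory. It assumes attr:=value can be treated as plain equality for this purpose and, since the page does not say how the SBC escapes the substituted username, escapes it per RFC 4515 so the value cannot change the filter's structure.

```python
def escape_filter_value(value: str) -> str:
    """RFC 4515 escaping (assumed here; the page does not describe the SBC's escaping)."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def substitute_username(template: str, username: str) -> str:
    return template.replace("%%USERNAME%%", escape_filter_value(username))

def parse_filter(s: str):
    """Parse a minimal RFC 4515 filter (&, |, attr=value, attr:=value) into an AST."""
    pos = 0
    def item():
        nonlocal pos
        if s[pos] != "(":
            raise ValueError("expected '(' at offset %d" % pos)
        pos += 1
        if s[pos] in "&|":                   # compound filter: collect children
            op, pos, kids = s[pos], pos + 1, []
            while s[pos] == "(":
                kids.append(item())
            pos += 1                         # consume closing ')'
            return (op, kids)
        end = s.index(")", pos)
        attr, _, value = s[pos:end].partition("=")
        pos = end + 1
        return ("=", attr.rstrip(":").lower(), value)   # ':=' treated as equality
    return item()

def matches(ast, entry: dict) -> bool:
    if ast[0] in "&|":
        return (all if ast[0] == "&" else any)(matches(k, entry) for k in ast[1])
    _, attr, value = ast
    vals = entry.get(attr, [])
    if value == "*":                         # presence filter
        return bool(vals)
    return value.lower() in [escape_filter_value(v).lower() for v in vals]

def resolve_group(username: str, filters: list, directory: list):
    """Walk filters by 'order'; the first returning >= 1 entry names the CLI group."""
    for f in sorted(filters, key=lambda f: f["order"]):
        ast = parse_filter(substitute_username(f["filter"], username))
        if any(matches(ast, e) for e in directory):
            return f["groupName"]
    return None                              # no filter matched: no group resolved

# Constructed sample directory and ldapFilters table (attribute names lower-cased).
DIRECTORY = [{"uid": ["alice"], "accesslevel": ["userAccessLevel1"]},
             {"uid": ["bob"], "accesslevel": ["userAccessLevel3"]}]
FILTERS = [{"order": 1, "groupName": "Administrator",
            "filter": "(&(uid=%%USERNAME%%)(accessLevel:=userAccessLevel1))"},
           {"order": 2, "groupName": "Operator", "filter":
            "(&(uid=%%USERNAME%%)(|(accessLevel:=userAccessLevel2)(accessLevel:=userAccessLevel3)))"}]
```

A username of `*` resolves to no group because the substituted value is escaped to `\2a`; without that escaping the first filter would become a presence match on uid and every user would land in the Administrator group.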
Use this parameter to configure the LDAP Server Retry criteria settings.
% set oam ldapAuthentication retryCriteria retryTimer <500-45000> retryCount <1-3> oosDuration <0-300>
set oam ldapAuthentication retryCriteria retryTimer 1000 retryCount 3 oosDuration 60 commit
An LDAP server is marked "unavailable" when the SBC cannot reach it. Use this command to re-enable the LDAP server, which will set the status back to "available".
% request oam ldapAuthentication ldapServer <servername> reEnableServer
request oam ldapAuthentication ldapServer ldapServer1 reEnableServer