Versions Compared

Old Version 1

changes.mady.by.user Ribbon Communications

Saved on

compared with

New Version 2

changes.mady.by.user Ribbon Communications

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.


Panel

In this section:

Table of Contents
maxLevel3


New CLI in 11.

0

1.0R0

SBX-

96767 PEM File Format Support for the Remote Type Certificate

86522 Support for TLS 1.3 on SBC Core

The flag v1_3 is added to the TLS Profile to configure TLS 1.3 support. In addition, three Ciphersuites are added to support TLS 1.3Currently, the SBC supports DER encoded files for type "remote" certificates. This feature implementation enhances the SBC to accept the PEM encoded files for "remote" certificates too.

Command Syntax

Code Block
titleExample
% set systemprofiles security pkitlsProfile certificate<tls <certificateprofile name> fileName <1-255 characters> type <local | local-internal | remote> state state v1_3 <disabled | enabled>

Command Parameters

Parameter

Description

fileName

<filename> – Certificate content filename in the format:

  • Local-Internal: PEM
  • Local: PKCS#12
  • Remote: DER, PEM

Configuration Examples

Code Block
set system security pki certificate COMPANY_CA filename company_ca.pem type remote state enabled
commit

SBX-103594 MSRP B2BUA Support when a=msrp-cema Present

To support the SBC role as "MSRP B2BUA" (even though the SBC receives msrp-cema attribute in the SDP), the SBC is enhanced with a configuration flag msrpB2BUA in the Trunk Group. By default, this flag is disabled.

Command Syntax

Code Block
titleExample
% set addressContext <AC name> zone <Zone name> sipTrunkGroup <TG name> media msrpB2BUA <disabled | enabled>
% set profiles security tlsProfile <tls profile name> cipherSuite <cipherSuite1/2/3>
   tls_aes_128_gcm_sha256
   tls_aes_256_gcm_sha384
   tls_chacha20_poly1305_sha256
Command Parameters
ParameterLength/RangeDefaultDescriptionM/O
msrpB2BUA
v1_3
N

n/

A.

a

disabled

This parameter ensures the role of SBC as B2BUA irrespective of the End Point role. Enable this parameter in both trunk groups to handle the msrp-cema attribute received in request/response messages.

  • disabled (default)
  • enabled
M

Configuration Examples

Code Block
set addressContext default zone zoneIngress sipTrunkGroup TG_ingress media msrpB2BUA enabled
commit
Code Block
set addressContext default zone zoneIngress sipTrunkGroup TG_ingress media msrpB2BUA disabled
commit

SBX-104653 Allow SMM Profile Index Gapping and Rearranging through CLI

A CLI command is introduced to create gap between the SMM rules and allow the user to add new rules in the gap without deleting the rules.

Command Syntax

Code Block
% request profiles signaling sipAdaptorProfile <profile_name> cmds addGapInRuleList index <0-10000> gap <0-10000>
Info
titleNote

You can enter the command from both the system-level and configure CLI modes.

Command Parameters

ParameterLength/RangeDefaultDescriptionM/OaddGapInRuleList

N/A

N/A

Use this parameter to create a gap between the SMM rules in order to add new rules in the gap without deleting the rules.

  • Gap -- Represents the number of rule positions to move after the input index. Range: 0-10000. Default = 0
  • Index -- Represents the rule after which the gap is created Range: 0-10000. Default = 0 

Note: The largest value allowed for the gap is determined based on the sum of rule count and gap.

  • The SBC generates an error in the .DBG log if the ruleCount + gap is greater than CPX_MAX_SMM_RULES.
  • The SBC generates an error in the .DBG log if the input index value is greater than or equal to Maximum Rule Index of the existing rules (index >= maxRuleIndex).
M

Enable this flag to configure the SBC to support TLS 1.3 on the ingress and egress legs.

  • disabled
  • enabled
O
tls_aes_128_gcm_sha256n/an/aTLS 1.3 CiphersuiteO
tls_aes_256_gcm_sha384n/an/aTLS 1.3 CiphersuiteO
tls_chacha20_poly1305_sha256n/an/aTLS 1.3 CiphersuiteO
Configuration Examples
Code Block
languagenone
set profiles security tlsProfile defaultTlsProfile v1_3 enabled
set profiles security tlsProfile defaultTlsProfile cipherSuite1 tls_aes_128_gcm_sha256
set profiles security tlsProfile defaultTlsProfile cipherSuite2 tls_aes_256_gcm_sha384
set profiles security tlsProfile defaultTlsProfile cipherSuite3 tls_chacha20_poly1305_sha256
commit

SBX-93114 SIP Registrar Functionality Support

The SBC Core is enhanced to support SIP Registrar functionality for SIP end points. This feature allows the Ribbon SBC to act as an Access SBC with Registrar functionality in a single deployment.

SIP TG - Signaling - SIP Local Registrar - CLI

The CLI object sipLocalRegistrar to support the SIP Registrar functionality is added to the CLI in this release.

Command Syntax

The following CLI shows how to enable the SIP Local Registrar functionality.

Code Block
titlesipTrunkGroup - signaling - sipLocalRegistrar - CLI
set addressContext <name> zone <name> sipTrunkGroup <name> signaling sipLocalRegistrar <disabled | enabled>

Configuration Examples

Code Block
request profiles signaling sipAdaptorProfile SMM_INC cmds addGapInRuleList index 10 gap 5
result success

SBX-90885 Handling of RCD Passport Headers

The SBC is enhanced to pass the "jcard" and the "call-reason" parameters received in the "Call-Info" header of the SIP INVITE to the PSX when STIR/SHAKEN is enabled. To support this functionality, the flexVariable type is added to the SIP Adaptor Profile configuration to store up to 16 flex variables received from the PSX as input to the SBC SMM to modify SIP messages on the Egress leg.

Command Syntax

Code Block
% set profiles signaling sipAdaptorProfile <Profile Name> rule <#> action <#> from type flexVariable
% set profiles signaling sipAdaptorProfile <Profile Name> rule <#> action <#> from flexVariableValue <flexvar1...flexvar16>
Command Parameters
ParameterLength/RangeDefaultDescription
M/O

flexVariable

flexvar1 to flexvar16
sipLocalRegistrarN/A
The flex variable name of the SIP PDU manipulation entry.
disabled

Use this

parameter to store up to 16 flex variables received from the PSX as input to the SBC SMM to modify SIP messages on the Egress leg.M

Configuration Examples

Code Block
set profiles signaling sipAdaptorProfile smm1 rule 1 action 1 from type flexVariable
set profiles signaling sipAdaptorProfile smm1 rule 1 action 1 from flexVariableValue flexVar1
commit

SMM Configuration Examples

Example SMM for REGISTER request, where the username is modified in the Egress register:

Code Block
set profiles signaling sipAdaptorProfile EBOSMM state enabled
set profiles signaling sipAdaptorProfile EBOSMM advancedSMM enabled
set profiles signaling sipAdaptorProfile EBOSMM profileType messageManipulation
set profiles signaling sipAdaptorProfile EBOSMM rule 1 criterion 1 type message
set profiles signaling sipAdaptorProfile EBOSMM rule 1 criterion 1 message
set profiles signaling sipAdaptorProfile EBOSMM rule 1 criterion 1 message messageTypes request
set profiles signaling sipAdaptorProfile EBOSMM rule 1 criterion 1 message methodTypes [ register ]
set profiles signaling sipAdaptorProfile EBOSMM rule 1 criterion 2 type header
set profiles signaling sipAdaptorProfile EBOSMM rule 1 criterion 2 header
set profiles signaling sipAdaptorProfile EBOSMM rule 1 criterion 2 header name to
set profiles signaling sipAdaptorProfile EBOSMM rule 1 criterion 2 header condition exist
set profiles signaling sipAdaptorProfile EBOSMM rule 1 criterion 2 header hdrInstance all
set profiles signaling sipAdaptorProfile EBOSMM rule 1 criterion 3 type token
set profiles signaling sipAdaptorProfile EBOSMM rule 1 criterion 3 token
set profiles signaling sipAdaptorProfile EBOSMM rule 1 criterion 3 token condition exist
set profiles signaling sipAdaptorProfile EBOSMM rule 1 criterion 3 token tokenType uriusername

set profiles signaling sipAdaptorProfile EBOSMM rule 1 action 1 type token
set profiles signaling sipAdaptorProfile EBOSMM rule 1 action 1 operation modify
set profiles signaling sipAdaptorProfile EBOSMM rule 1 action 1 from
set profiles signaling sipAdaptorProfile EBOSMM rule 1 action 1 from type flexVariable
set profiles signaling sipAdaptorProfile EBOSMM rule 1 action 1 from flexVariableValue flexVar1
set profiles signaling sipAdaptorProfile EBOSMM rule 1 action 1 to
set profiles signaling sipAdaptorProfile EBOSMM rule 1 action 1 to type token
set profiles signaling sipAdaptorProfile EBOSMM rule 1 action 1 to tokenValue uriusername
commit

This example shows the PSX-received LOGO parameter is added as a Call-info header in the Egress INVITE:

Code Block
set profiles signaling sipAdaptorProfile AddCallinfo state enabled
set profiles signaling sipAdaptorProfile AddCallinfo advancedSMM enabled

set profiles signaling sipAdaptorProfile AddCallinfo rule 1 applyMatchHeader one
set profiles signaling sipAdaptorProfile AddCallinfo rule 1 criterion 1 type message
set profiles signaling sipAdaptorProfile AddCallinfo rule 1 criterion 1 message
set profiles signaling sipAdaptorProfile AddCallinfo rule 1 criterion 1 message messageTypes request
set profiles signaling sipAdaptorProfile AddCallinfo rule 1 criterion 1 message methodTypes [ invite ]
set profiles signaling sipAdaptorProfile AddCallinfo rule 1 criterion 2 type messageBody
set profiles signaling sipAdaptorProfile AddCallinfo rule 1 criterion 2 messageBody
set profiles signaling sipAdaptorProfile AddCallinfo rule 1 criterion 2 messageBody condition exist
set profiles signaling sipAdaptorProfile AddCallinfo rule 1 criterion 3 type flexVariable
set profiles signaling sipAdaptorProfile AddCallinfo rule 1 criterion 3 flexVariable
set profiles signaling sipAdaptorProfile AddCallinfo rule 1 criterion 3 flexVariable condition exist
set profiles signaling sipAdaptorProfile AddCallinfo rule 1 criterion 3 flexVariable variableID flexVar4

set profiles signaling sipAdaptorProfile AddCallinfo rule 1 action 1 type header
set profiles signaling sipAdaptorProfile AddCallinfo rule 1 action 1 operation add
set profiles signaling sipAdaptorProfile AddCallinfo rule 1 action 1 headerPosition last
set profiles signaling sipAdaptorProfile AddCallinfo rule 1 action 1 from
set profiles signaling sipAdaptorProfile AddCallinfo rule 1 action 1 from type flexVariable
set profiles signaling sipAdaptorProfile AddCallinfo rule 1 action 1 from flexVariableValue flexVar4
set profiles signaling sipAdaptorProfile AddCallinfo rule 1 action 1 to
set profiles signaling sipAdaptorProfile AddCallinfo rule 1 action 1 to type header
set profiles signaling sipAdaptorProfile AddCallinfo rule 1 action 1 to value Call-Info
commit

Example of a flex variable stored in a dialog scope variable, and used in a Re-Invite:

Code Block
set profiles signaling sipAdaptorProfile AddCallinfo rule 2 action 2 type variable
set profiles signaling sipAdaptorProfile AddCallinfo rule 2 action 2 operation store
set profiles signaling sipAdaptorProfile AddCallinfo rule 2 action 2 from
set profiles signaling sipAdaptorProfile AddCallinfo rule 2 action 2 from type flexVariable
set profiles signaling sipAdaptorProfile AddCallinfo rule 2 action 2 from flexVariableValue flexVar1
set profiles signaling sipAdaptorProfile AddCallinfo rule 2 action 2 to
set profiles signaling sipAdaptorProfile AddCallinfo rule 2 action 2 to type variable
set profiles signaling sipAdaptorProfile AddCallinfo rule 2 action 2 to variableValue var1
set profiles signaling sipAdaptorProfile AddCallinfo rule 2 action 2 to variableScopeValue dialog
commit

SBX-106619 Voice Analytics to Identify Voice Campaigns

The SBC is enhanced to generate an audio fingerprint file on a sub-set of the calls identified for capture by SIPSG using the SAGE triggering algorithm. For calls where the audio fingerprint is computed, it is computed based on the incoming audio on the Ingress leg of the call. The audio fingerprinting is performed only for the calls where the Ingress leg is encoded using G.711 (A-law or μ-law), G.729AB, G.722, AMR, AMR-WB, EVRC, or EVRCB.

Command Syntax

Code Block
% set global callTrace sageFingerprint  <disable | enable>

Command Parameters

ParameterLength/RangeDefaultDescriptionM/OsageFingerprint

N/A

enabled

Enable this flag to generate an audio fingerprint for the incoming calls that can aid in robocalling campaign identification. The back-end systems (such as Identity Hub) use this feature to identify robocalling campaigns and classify individual calls that belong to a robocalling campaign.

Audio fingerprinting is enabled by default. A global configuration option is provided to disable the fingerprinting on the SBC.

  • disable – Disabling audio fingerprinting can free the memory allocated to store the associated captured media.
  • enable (default)
O

flag to enable the SIP Local Registrar functionality. When enabled, messages are sent to the SIP Local Registrar.

  • disabled (default)
  • enabled
Command Example
Code Block
titlesipTrunkGroup - signaling - sipLocalRegistrar - CLI Example
set addressContext <name> zone <name> sipTrunkGroup <name> signaling sipLocalRegistrar <disabled | enabled>

For more information, refer to SIP TG - Signaling - SIP Local Registrar - CLI.

Signaling - Global - CLI - SIP Local Registrar Object

Command Syntax
Code Block
titleSIP Local Registrar
% set global signaling sipLocalRegistrar
    expires <15-65535>
    minExpires<15-65535>
    sipRegSubscriberProfile <aor Name>
        sipRegAdminState <active | inactive>
        sipRegSendChallenge <challengeForNone | challengeForRegister | challengeForRegisterAndInvite>
        sipRegAuthRealm <authentication Realm>
        sipRegAuthUserName <authentication UserName>
        sipRegAuthPassword <authentication Password>

% show global signaling sipLocalRegistrar
	sipRegSubscriberProfile <aor Name>
	expires 
	minExpires
Command Parameters
ParameterLength/RangeDefaultDescriptionM/O
expires

15-65535

3600

The Expiry value used for Registration.

O
minExpires15-6553530

The Min-Expiry value used for Registration.

If REGISTER is received with Expires value less than this field, 423 Error is generated

O
sipRegSubscriberProfile1-127 charactersN/AThis represents the Address Of Record (AOR) of the user. This is the mandatory key against which the binding is created. The AOR uses the "user@host" format. For example, testUser@example.com. Also see CLI example below.M
sipRegAdminStateN/Aactive 

Defines if Subscriber state is active or inactive. The choices are:

  • active (default)
  • inactive
O
sipRegSendChallengeN/AchallengeForNone

Defines how the Authentication Challenge is sent.

  • challengeForNone - Authentication challenge is not initiated for any of the messages.
  • challengeForRegister - Authentication challenge is initiated for REGISTER messages only.
  • challengeForRegisterAndInvite - Authentication challenge is initiated for REGISTER/INVITE messages (Re-INVITE would not be challenged).
O
sipRegAuthRealm   1-127 charactersN/ATh Authorization realm for SIP registration.O
sipRegAuthUserName1-127 charactersN/AThe Authorization user name for SIP registration.O
sipRegAuthPassword   6-32 charactersN/A

DES3 (triple Digital Encryption Standard) encrypted string authentication password for SIP local registration. All ASCII characters from 33 to 126 (except 34 - double quotes) are allowed.

Note:

If Authentication Password contains ASCII characters, enclose the entire password string with double quotes (" ") .

Example using double quotes: 

"Password1:@\#:########~%&*@#"

Since the SBC Registrar supports bulk load configuration, the length of the password string is not validated at the time of entry into the database. The Admin must make sure that length is within the prescribed range (6-32 characters). For such out of bound passwords, authentication can fail with 403 error response.

O
Command Example
Code Block
titlesipLocalRegistrar Configuration Examples
set global signaling sipLocalRegistrar expires 3500
set global signaling sipLocalRegistrar minExpires 300

set global signaling sipLocalRegistrar sipRegSubscriberProfile testUser@example.com sipRegAdminState active sipRegSendChallenge challengeForRegisterAndInvite sipRegAuthRealm example.com sipRegAuthUserName testUser sipRegAuthPassword password1

show global signaling sipLocalRegistrar sipRegSubscriberProfile testUser@example.com
      sipRegAuthUserName  testUser;
      sipRegAuthRealm     example.com;
      sipRegAuthPassword  $7$FZ5ju2oDUvNyLs8MvuBYmoCo55fOBhnu;
      sipRegAdminState    active;
      sipRegSendChallenge challengeForRegisterAndInvite;

show global signaling sipLocalRegistrar expires
expires 3500

show global signaling sipLocalRegistrar minExpires
minExpires 300

show status global sipLocalRegistrar
sipLocalRegistrarRegStatus 53056@10.xx.xx.70 {
    state          active;
    contactURI     sip:53056@10.xx.1xx.xx:5xx0;
    expirationTime 3600;
    creationTime   2022-09-08T10:23:29+00:00;
    refreshTime    0000-00-00T00:00:00+00:00;
    remainingTime  3493;
}
sipLocalRegistrarRegCountStatistics entry {
    sipRegAttemptCount      1;
    sipRegChallengedCount   1;
    sipRegStableCount       1;
    sipRegFailed403Count    0;
    sipRegFailed404Count    0;
    sipRegFailed503Count    0;
    sipRegFailedOthersCount 0;
}

request global sipLocalRegistrar sipRegCountReset

request global sipLocalRegistrar sipRegistrationDeleteByAor sipRegAor 53056@10.xx.xx.70
result success

For more information, refer to Signaling - Global - CLI.

SIP Local Registrar - Request CLI

Command Syntax
Code Block
titlesipLocalRegistrar - Request CLI
% request global sipLocalRegistrar sipLocalRegistrarRegDeleteByAor <aor Name>

% request global sipLocalRegistrar sipRegCountReset
Command Parameters
ParameterLength/RangeDefaultDescription
sipLocalRegistrarRegDeleteByAorN/AN/A

Use this  flag to delete an AOR entry from the Registrar.

sipRegCountResetN/AN/A

Use this parameter to reset the count of statistics.

Info
titleNote

This resets all the counters except for stable registration. Stable registrations are displayed per real time numbers.



Info
titleNote

The aor Name in the CLI above represents the AOR of the user (1-127 characters).

For more information, refer to Request Global - CLI.

SIP Local Registrar - Show CLI

Command Syntax
Code Block
titlesipLocalRegistrar - Show CLI
% show status global sipLocalRegistrar 
	sipActiveLocalRegistrarRegStatus
	sipLocalRegistrarRegCountStatistics
	sipLocalRegistrarRegCountCurStats
	sipLocalRegistrarRegCountIntStats


% show table global sipLocalRegistrar sipLocalRegistrarRegCountStatistics
Command Parameters
ParameterLength/RangeDefaultDescription
sipActiveLocalRegistrarRegStatusN/AN/A

Shows the status of the AOR registered with the Registrar. If the AOR name is not provided, this shows the data for all the AORs registered at Registrar.

sipLocalRegistrarRegCountStatisticsN/AN/A

Shows the attempt/stable/failed counts for registrations received at the Registrar.

The statistics displays the following fields.

  • sipRegAttemptCount – The total count of the register attempts.
  • sipRegChallengedCount – The count of the challenged register attempts.
  • sipRegStableCount – The count of the currently active and stable registered users.
  • sipRegFailed403Count – The count of the registers failed with a 403 SIP response code.
  • sipRegFailed404Count – The count of the registers failed with a 404 SIP response code.
  • sipRegFailed503Count – The count of the registers failed with a 503 SIP response code.
  • sipRegFailedOthersCount – The count of the registers failed with other SIP response codes.
sipLocalRegistrarRegCountCurStatsN/AN/AThe high water mark of total number of stable registrations for the current interval.
sipLocalRegistrarRegCountIntStatsN/AN/A

The high water mark of total number of stable registrations for the reporting interval.

For more information, refer to Show Status Global.

SBX-111375 LDAP AD authentication support

The parameter ldapConfigurationMode is added to the ldapAuthentication configuration for the user to choose the "advanced" mode option to configure the newly-added parameters.

Command Syntax
Code Block
titleNew ldapConfigurationMode Syntax
% set oam ldapAuthentication ldapConfigurationMode <advanced | legacy>


Code Block
title ldapServer Syntax (Legacy Mode)
% set oam ldapAuthentication ldapServer <serverName> 
	bindMethod <sasl | simple>
	binddn <name>   
	groupNameAttribute <groupName, or empty string>
	ldapServerAddress <IPv4, IPv6 or FQDN> 
	ldapServerPort <valid port>
	priority <1-25>
	saslMechanism <digest-md5 | plain>
	searchbase <1-255 characters>
	state <disabled | enabled>
	transport <ldaps | tcp | tls>


Code Block
title ldapServer Syntax (Advanced Mode)
% set oam ldapAuthentication ldapServer <serverName> 
	bindMethod <sasl | simple>
	binddn <name>
	ldapServerAddress <IPv4, IPv6 or FQDN>
	ldapServerPort <valid port>
	priority <1-25>
	returnAttribute <1-255 characters>
	saslMechanism <digest-md5 | plain>
	searchFilter <1-255 characters>
	searchbase <1-255 characters>
	state <disabled | enabled>
	systemPassword <password>
    systemUsername <1-255 characters>
	transport <ldaps | tcp | tls>


Command Parameters

ldapAuthentication (New Parameter)

The ldapConfigurationMode parameter is added to the LDAP Authentication configuration to specify legacy or advanced modes.

ParameterLength/RangeDefaultDescriptionM/O
ldapConfigurationMode

n/a

legacy

The configuration mode for the LDAP client.

  • legacy Use this option for legacy LDAP behavior.
  • advanced Use this option to support Microsoft Active Directory (AD) services. 
O

ldapServer (Updated Parameters)

The following parameters are updated in this release (for both 'legacy' and 'advanced' modes):

ParameterLength/RangeDescriptionM/O

ldapServerAddress     

IPv4 address

IPv6 address

FQDN

The IPv4 address, IPv6 address or FQDN of the server as a hostname. The supported formats are:

  • IPv4 address (In dot notation)
  • IPv6 address (In hex-colon notation)
  • FQDN
M
priority1-25<priority #> – The server priority, where '1' is the highest priority.M
saslMechanismN/A

The SASL mechanism to use.

  • digest-md5 – Use this option to send the username and password as a hash so they are now viewable on the wire even if the transport is TCP.
  • plain (default)
O

ldapServer (New Parameters)

The following new LDAP Sever parameters are available when ldapConfigurationMode is set to advanced:

ParameterLength/RangeDescriptionM/O

returnAttribute

1-255 characters

The attribute returned from the search for the group name of the LDAP user.

For example, in the above query, if cn is specified as the return attribute, then the returned attribute will be: users. The query may return multiple users

O

searchFilter

1-255 characters

The LDAP filter used to search for the group name of the LDAP user. Specify {0} in the search filter to specify the user in the searchFilter. 

For example: (&(objectClass=group)(member=cn={0},CN=Users,DC=example,DC=tst))

O

systemPassword

string

The password for the LDAP user with Administrative privileges systemUser). Leave blank if the systemUsername is not specified.

O

systemUsername

1-255 characters

An LDAP user with Administrative privileges   Leave blank, or enter a user name.

Info
titleNote

If ldapConfigurationMode = advanced, the SBC LDAP client binds with the provided systemUsername and systemPassword. This allows the LDAP query specified in the searchFilter to  access the records needed to ascertain the group of the user under authentication.

The systemUsername and systemPassword are optional.  If a systemUsername is not specified, the SBC performs the search specified in searchFilter using the user's credentials.  If a systemUsername is specified, you cannot leave the systemPassword field blank.


O
Configuration Example

An example of LDAP Authentication using the "advanced" mode is provided below:

Code Block
languagenone
set oam ldapAuthentication ldapConfigurationMode advanced 
set oam ldapAuthentication ldapServer ldap1 priority 1
set oam ldapAuthentication ldapServer ldap1 state enabled
set oam ldapAuthentication ldapServer ldap1 bindMethod simple
set oam ldapAuthentication ldapServer ldap1 saslMechanism plain
set oam ldapAuthentication ldapServer ldap1 systemUsername CN=Administrator,CN=Users,DC=mdroot,DC=tst
set oam ldapAuthentication ldapServer ldap1 systemPassword xxxyyyzzz
set oam ldapAuthentication ldapServer ldap1 transport ldaps
set oam ldapAuthentication ldapServer ldap1 binddn "cn={0},CN=Users,dc=mdroot,dc=tst"
set oam ldapAuthentication ldapServer ldap1 searchbase CN=Builtin,DC=mdroot,DC=tst
set oam ldapAuthentication ldapServer ldap1 ldapServerAddress rdc1.mdroot.tst
set oam ldapAuthentication ldapServer ldap1 ldapServerPort 636
set oam ldapAuthentication ldapServer ldap1 searchFilter (&(objectClass=group)(member=CN=Administrator,CN=Users,DC=mdroot,DC=tst))
set oam ldapAuthentication ldapServer ldap1 returnAttribute cn

Configuration Examples

To enable the sageFingerprint: 

Code Block
set global callTrace sageFingerprint enable
commit

To enable the sageFingerprint: 

Code Block
set global callTrace sageFingerprint disable
commit