LDAP Server
Use this parameter to configure information to communicate with one or more LDAP servers.
Command Syntax
% set oam ldapAuthentication ldapServer <serverName> binddn <name> bindMethod <sasl|simple> groupNameAttribute <groupName, or empty string> ldapServerAddress <IPv4/IPv6 address> ldapServerPort <valid port> priority <1-3> saslMechanism <plain> searchbase <base> state <disabled|enabled> transport <ldaps|tcp|tls>
Command Parameters
LDAP Authentication Parameters
Parameter | Length/Range | Description | Mandatory (M) |
---|---|---|---|
serverName | Up to 23 characters | <serverName> – The name of this LDAP server. | M |
binddn | String | | M, if bindMethod = simple |
bindMethod | N/A | Specify the bindMethod to use. | O |
groupNameAttribute | String | Use this parameter to define the group name attribute. | O |
ldapServerAddress | IPv4/IPv6 address | <IP address> – The IPv4/IPv6 address of the LDAP server | M |
ldapServerPort | 1-65535 | The default value is NOTE: If | O |
priority | 1-3 | <priority #> – The server priority, where '1' is the highest priority. | M |
saslMechanism | N/A | The SASL mechanism to use. | O |
searchbase | String | This parameter specifies the location where the user records are located, and serves as the base for the LDAP query. | M |
state | N/A | The state of this LDAP server. | O |
transport | N/A | The transport type to use. | O |
Command Example
set oam ldapAuthentication ldapServer ldap1 priority 1 transport tls binddn "ou=people,dc=example,dc=com" searchbase "dc=example,dc=com" ldapServerAddress 169.172.201.153 state enabled
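A pre-deployment check for the ldapServer command above, added here as an example and not part of the product or its documentation. The function names parse_ldap_server and lint_ldap_server and the WEAK_SAMPLE command are hypothetical; the ranges and mandatory flags come from the table above, and the reading of transport tcp as LDAP without TLS is an assumption.

```python
import ipaddress
import shlex

# Parameter names, ranges and mandatory flags come from the ldapServer table on this page.
KEYS = {"binddn", "bindMethod", "groupNameAttribute", "ldapServerAddress", "ldapServerPort",
        "priority", "saslMechanism", "searchbase", "state", "transport"}
MANDATORY = {"ldapServerAddress", "priority", "searchbase"}
PREFIX = ["set", "oam", "ldapAuthentication", "ldapServer"]
# Constructed sample input (not from the page): cleartext transport, bad priority and port.
WEAK_SAMPLE = ('% set oam ldapAuthentication ldapServer ldap2 priority 4 transport tcp '
               'bindMethod simple searchbase "dc=example,dc=com" '
               'ldapServerAddress 192.0.2.10 ldapServerPort 70000')


def parse_ldap_server(command):
    """Split one 'set oam ldapAuthentication ldapServer ...' line into (name, params)."""
    tokens = shlex.split(command.lstrip("% "))
    if tokens[:4] != PREFIX or len(tokens) < 5:
        raise ValueError("not an ldapServer command")
    name, rest = tokens[4], tokens[5:]
    if len(rest) % 2:
        raise ValueError("parameter without a value: " + rest[-1])
    return name, dict(zip(rest[0::2], rest[1::2]))


def lint_ldap_server(command):
    """Return a list of findings; an empty list means nothing was flagged."""
    name, p = parse_ldap_server(command)
    findings = []
    if len(name) > 23:
        findings.append("serverName longer than 23 characters")
    findings += ["unknown parameter: " + k for k in sorted(set(p) - KEYS)]
    findings += ["missing mandatory parameter: " + k for k in sorted(MANDATORY - set(p))]
    if p.get("bindMethod") == "simple" and "binddn" not in p:
        findings.append("binddn is mandatory when bindMethod = simple")
    if "priority" in p and p["priority"] not in {"1", "2", "3"}:
        findings.append("priority outside 1-3")
    port = p.get("ldapServerPort")
    if port is not None and not (port.isdecimal() and 1 <= int(port) <= 65535):
        findings.append("ldapServerPort outside 1-65535")
    try:
        ipaddress.ip_address(p.get("ldapServerAddress", "::"))
    except ValueError:
        findings.append("ldapServerAddress is not an IPv4/IPv6 address")
    # Assumption: 'tcp' means LDAP without TLS, so the bind DN and password cross the wire in clear.
    if p.get("transport") == "tcp":
        findings.append("transport tcp: bind credentials are sent unencrypted")
    return findings
```

Calling lint_ldap_server(WEAK_SAMPLE) returns four findings, while the command example above returns an empty list.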
LDAP Filters
Use this parameter to configure a set of filters against predefined or custom groups to determine if the specified user is a member of those groups. Each filter is accessed in the order specified in the LDAP Filters table. If a filter returns at least one record, then the user is considered part of that group, and that group name is used.
Command Syntax
% set oam ldapAuthentication ldapFilters filter <LDAP filter string> groupName <name of CLI group name to login to CLI> order <integer>
Command Parameters
LDAP Filter Parameters
Parameter | Length/Range | Description |
---|---|---|
filter | String | The special string For example, if the user is jsmith, the filter (&(uid=%%USERNAME%%)(accessLevel:=userAccessLevel1)) becomes (&(uid=jsmith)(accessLevel:=userAccessLevel1)) |
groupName | N/A | The CLI group name to use for logging onto the CLI. |
order | Integer | |
Command Example
set oam ldapAuthentication ldapFilters order 1 groupName Administrator filter (&(uid=%%USERNAME%%)(accessLevel:=userAccessLevel1))
LDAP Retry Criteria
Use this parameter to configure the LDAP Server Retry criteria settings.
Command Syntax
% set oam ldapAuthentication retryCriteria retryTimer <500-45000> retryCount <1-3> oosDuration <0-300>
Command Parameters
LDAP Retry Criteria Parameters
Parameter | Length/Range | Description |
---|---|---|
retryTimer | 500-45000 | Default: 1000 |
retryCount | 1-3 | Default: 3 |
oosDuration | 0-300 | Default: 60 |
Command Example
set oam ldapAuthentication retryCriteria retryTimer 1000 retryCount 3 oosDuration 60
Re-enable Server
An LDAP server is marked "unavailable" when the SBC cannot reach it. Use this command to re-enable the LDAP server, which will set the status back to "available".
Command Syntax
% request oam ldapAuthentication ldapServer <servername> reEnableServer
Command Parameters
Re-enable Server Parameters
Parameter | Description |
---|---|
ldapServer | <serverName> – The name of the LDAP server. |
reEnableServer | An LDAP server is marked "unavailable" when the SBC cannot reach it. Use this action to re-enable an LDAP server, which then sets the status back to "available". |
Command Example
request oam ldapAuthentication ldapServer ldapServer1 reEnableServer