ldap command
Use this command to display and configure the LDAP protocol configuration parameters.
The following table shows the arguments for the options.
| Option | Description | Values |
|---|---|---|
| -a | User authentication method | local only, LDAP only, local first then LDAP, LDAP first then local |
| -aom | Authentication only mode | enabled, disabled |
| -b | Binding method | anonymous, bind with ClientDN and password, bind with Login Credential |
| -c | Client distinguished name | String of up to 127 characters for client_dn |
| -d | Search domain | String of up to 63 characters for search_domain |
| -f | Group filter | String of up to 127 characters for group_filter |
| -fn | Forest name | For active directory environments. String of up to 127 characters. |
| -g | Group search attribute | String of up to 63 characters for group_search_attr |
| -l | Login permission attribute | String of up to 63 characters for string |
| -p | Client password | String of up to 15 characters for client_pw |
| -pc | Confirm client password | String of up to 15 characters for confirm_pw Command usage is: ldap -p client_pw -pc confirm_pw This option is required when you change the client password. It compares the confirm_pw argument with the client_pw argument. The command will fail if the arguments do not match. |
| -ep | Encrypted password | Backup/restore password (internal use only) |
| -r | Root entry distinguished name (DN) | String of up to 127 characters for root_dn |
| -rbs | Enhanced Role-Based Security for active directory users | enabled, disabled |
| -s1ip | Server 1 host name/IP address | String up to 127 characters or an IP address for host name/ip_addr |
| -s2ip | Server 2 host name/IP address | String up to 127 characters or an IP address for host name/ip_addr |
| -s3ip | Server 3 host name/IP address | String up to 127 characters or an IP address for host name/ip_addr |
| -s4ip | Server 4 host name/IP address | String up to 127 characters or an IP address for host name/ip_addr |
| -s1pn | Server 1 port number | A numeric port number up to 5 digits for port_number |
| -s2pn | Server 2 port number | A numeric port number up to 5 digits for port_number |
| -s3pn | Server 3 port number | A numeric port number up to 5 digits for port_number |
| -s4pn | Server 4 port number | A numeric port number up to 5 digits for port_number |
| -t | Server target name | When the rbs option is enabled, this field specifies a target name that can be associated with one or more roles on the Active Directory server through the Role-Based Security (RBS) Snap-In tool. |
| -u | UID search attribute | String of up to 63 characters for search_attrib |
| -v | Get LDAP server address through DNS | off, on |
| -h | Displays the command usage and options |
Syntax:
ldap [<em className="ph i">options</em>]
options:
-a <em className="ph i">loc|ldap|locld|ldloc</em>
-aom <em className="ph i">enable/disabled</em>
-b <em className="ph i">anon|client|login</em>
-c <em className="ph i">client_dn</em>
-d <em className="ph i">search_domain</em>
-f <em className="ph i">group_filter</em>
-fn <em className="ph i">forest_name</em>
-g <em className="ph i">group_search_attr</em>
-l <em className="ph i">string</em>
-p <em className="ph i">client_pw</em>
-pc <em className="ph i">confirm_pw</em>
-ep <em className="ph i">encrypted_pw</em>
-r <em className="ph i">root_dn</em>
-rbs <em className="ph i">enable|disabled</em>
-s1ip <em className="ph i">host name/ip_addr</em>
-s2ip <em className="ph i">host name/ip_addr</em>
-s3ip <em className="ph i">host name/ip_addr</em>
-s4ip <em className="ph i">host name/ip_addr</em>
-s1pn <em className="ph i">port_number</em>
-s2pn <em className="ph i">port_number</em>
-s3pn <em className="ph i">port_number</em>
-s4pn <em className="ph i">port_number</em>
-t <em className="ph i">name</em>
-u <em className="ph i">search_attrib</em>
-v <em className="ph i">off|on</em>
-h
Give feedback