Skip to main content

ldap command

Use this command to display and configure the LDAP protocol configuration parameters.

The following table shows the arguments for the options.

Table 1. ldap command.

The following table is a multi-row three column table consisting of the options, option descriptions, and associated values for the options.

OptionDescriptionValues
-aUser authentication methodlocal only, LDAP only, local first then LDAP, LDAP first then local
-aomAuthentication only modeenabled, disabled
-bBinding methodanonymous, bind with ClientDN and password, bind with Login Credential
-cClient distinguished nameString of up to 127 characters for client_dn
-dSearch domainString of up to 63 characters for search_domain
-fGroup filterString of up to 127 characters for group_filter
-fnForest nameFor active directory environments. String of up to 127 characters.
-gGroup search attributeString of up to 63 characters for group_search_attr
-lLogin permission attributeString of up to 63 characters for string
-pClient passwordString of up to 15 characters for client_pw
-pcConfirm client passwordString of up to 15 characters for confirm_pw

Command usage is: ldap -p client_pw -pc confirm_pw

This option is required when you change the client password. It compares the confirm_pw argument with the client_pw argument. The command will fail if the arguments do not match.

-epEncrypted passwordBackup/restore password (internal use only)
-rRoot entry distinguished name (DN)String of up to 127 characters for root_dn
-rbsEnhanced Role-Based Security for active directory usersenabled, disabled
-s1ipServer 1 host name/IP addressString up to 127 characters or an IP address for host name/ip_addr
-s2ipServer 2 host name/IP addressString up to 127 characters or an IP address for host name/ip_addr
-s3ipServer 3 host name/IP addressString up to 127 characters or an IP address for host name/ip_addr
-s4ipServer 4 host name/IP addressString up to 127 characters or an IP address for host name/ip_addr
-s1pnServer 1 port numberA numeric port number up to 5 digits for port_number
-s2pnServer 2 port numberA numeric port number up to 5 digits for port_number
-s3pnServer 3 port numberA numeric port number up to 5 digits for port_number
-s4pnServer 4 port numberA numeric port number up to 5 digits for port_number
-tServer target nameWhen the rbs option is enabled, this field specifies a target name that can be associated with one or more roles on the Active Directory server through the Role-Based Security (RBS) Snap-In tool.
-uUID search attributeString of up to 63 characters for search_attrib
-vGet LDAP server address through DNSoff, on
-hDisplays the command usage and options 
Syntax:
ldap [options]
options:
-a loc|ldap|locld|ldloc
-aom enable/disabled
-b anon|client|login
-c client_dn
-d search_domain
-f group_filter
-fn forest_name
-g group_search_attr
-l string
-p client_pw
-pc confirm_pw
-ep encrypted_pw
-r root_dn
-rbs enable|disabled
-s1ip host name/ip_addr
-s2ip host name/ip_addr
-s3ip host name/ip_addr
-s4ip host name/ip_addr
-s1pn port_number
-s2pn port_number
-s3pn port_number
-s4pn port_number
-t name
-u search_attrib
-v off|on
-h