
server basedn

Function

The server basedn command sets a path through which users, user groups, or security groups are imported from an authentication server to the FW.

The undo server basedn command cancels the setting of a path.

Format

server basedn basedn

undo server basedn

Parameters

Parameter: basedn basedn

Description: Specify a path through which users, user groups, or security groups are imported from an authentication server to the FW.

  • This value consists of the domain names and user group names on the AD/LDAP server. The format of this value is ou=level-N user group name, …,ou=level-2 user group name,ou=level-1 user group name,dc=level-N domain name, …,dc=level-2 domain name,dc=level-1 domain name. For example, r&d is a level-1 user group in the cce.com domain that is managed by an LDAP server. To import the users (and user groups) in group r&d to the device, set the Base DN to dc=cce, dc=com.
  • The Base DN of an Agile Controller server takes the following format: root\level-1 department\level-2 department\…. For example, if the department and user information under level-1 department research is to be imported, the Base DN is root\research.

Value: If the Base DN does not contain any space, its length ranges from 1 to 256. If the Base DN contains spaces, its length ranges from 3 to 258, and you must enclose the Base DN in double quotation marks ("), for example, "dc=test domain,dc=com". The specified Base DN must exist on the authentication server specified in the authentication server template that is referenced.

Views

Server import policy view

Default Level

2: Configuration level

Usage Guidelines

Setting a Base DN with the server basedn basedn command specifies the path of the user, user group, or security group information to be imported. You can import all the user, user group, or security group information in the path to the FW.

If you need to import the user, user group, or security group information only in several sub-paths of an AD or LDAP server, repeatedly run the server searchdn searchdn command to specify the sub-paths (Search DNs) after specifying a Base DN. For one Base DN, a maximum of 16 sub-paths (Search DNs) can be specified.

Before you run the server basedn command, repeatedly run the display user-manage group-in-basedn command to view the organizational structure of a user, and select a Base DN from the organizational structure.

Users on the Sun ONE LDAP server have members, such as users, user groups, or security groups. The FW does not support importing a structure of this type.

Example

# Set the path to ou=werygh,dc=test,dc=com, through which users, user groups, or security groups are imported from an LDAP server to the FW.

<sysname> system-view
[sysname] user-manage import-policy policy1 from ldap
[sysname-import-policy1] server basedn ou=werygh,dc=test,dc=com

# Set the path to root\research, through which users or user groups are imported from an Agile Controller server to the FW.

<sysname> system-view
[sysname] user-manage import-policy policy1 from tsm
[sysname-import-policy1] server basedn root\research
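
As an added example (not Huawei's code), the Python helper below checks a Base DN against the format and length rules in the Parameters section and renders the server basedn line, adding the double quotation marks when the value contains spaces. The function names are hypothetical, only the ldap and tsm keywords shown in the examples above are handled, and the code assumes the 3 to 258 range counts the two quotation marks.

```python
import re

# Page: 1-256 characters without spaces; 3-258 with spaces
# (assumed here to include the two enclosing quotation marks).
MAX_LEN = 256
_RDN = re.compile(r'^(ou|dc)=([^,="]+)$', re.IGNORECASE)


def parse_ldap_basedn(value):
    """Split an AD/LDAP Base DN into (ous, dcs) and check the ou=...,dc=... order."""
    ous, dcs = [], []
    for part in value.split(","):
        m = _RDN.match(part.strip())
        if not m:
            raise ValueError(f"not an ou=/dc= component: {part!r}")
        kind, name = m.group(1).lower(), m.group(2).strip()
        if kind == "ou" and dcs:
            raise ValueError("ou= components must come before dc= components")
        (ous if kind == "ou" else dcs).append(name)
    if not dcs:
        raise ValueError("Base DN needs at least one dc= component")
    return ous, dcs


def parse_controller_basedn(value):
    """Split an Agile Controller Base DN (root\\dept\\...) into its departments."""
    parts = value.split("\\")
    if parts[0] != "root" or any(p == "" for p in parts):
        raise ValueError("expected root\\level-1 department\\...")
    return parts[1:]


def render_server_basedn(value, server_type):
    """Return the 'server basedn' line, quoted when the value contains spaces."""
    if server_type == "ldap":
        parse_ldap_basedn(value)
    elif server_type == "tsm":
        parse_controller_basedn(value)
    else:
        raise ValueError(f"unsupported server type: {server_type}")
    if not 1 <= len(value) <= MAX_LEN:
        raise ValueError(f"Base DN must be 1-{MAX_LEN} characters, got {len(value)}")
    if '"' in value:
        raise ValueError("Base DN must not contain a double quotation mark")
    arg = f'"{value}"' if " " in value else value
    return f"server basedn {arg}"
```

The parser accepts only the ou=/dc= form given on this page and does not handle escaped commas inside a component.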
Copyright © Huawei Technologies Co., Ltd.