
server searchdn

Function

The server searchdn command sets a sub-path through which users, user groups, or security groups are imported from an authentication server to the FW.

The undo server searchdn command cancels the setting of a sub-path through which users, user groups, or security groups are imported from an authentication server to the FW.

Format

server searchdn searchdn

undo server searchdn searchdn

Parameters

Parameter Description Value
searchdn searchdn

Specifies a sub-path through which users, user groups, or security groups are imported from an authentication server to the FW. This value consists of the domain names and user group names, in the format ou=level-N user group name, …,ou=level-2 user group name,ou=level-1 user group name,dc=level-N domain name, …,dc=level-2 domain name,dc=level-1 domain name.

For example, in the domain cce.com of an LDAP server, level-1 user group is r&d, and this user group has four level-2 user groups: r&d1, r&d2, r&d3, and r&d4. To import users, user groups, or security groups from r&d1 and r&d2 to the FW, set the BaseDN to dc=cce,dc=com and set two SearchDNs: ou=r&d1,ou=r&d,dc=cce,dc=com and ou=r&d2,ou=r&d,dc=cce,dc=com.

If the Search DN does not contain any spaces, its length ranges from 1 to 256. If the Search DN contains spaces, its length ranges from 3 to 258, and you must enclose the Search DN in double quotation marks ("), for example, "dc=test domain,dc=com". The specified Search DN must exist on the authentication server specified in the authentication server template that is referenced.

Views

Server import policy view

Default Level

2: Configuration level

Usage Guidelines

Setting a Base DN using the server basedn basedn command specifies the path from which user, user group, or security group information is imported. You can import all the user, user group, or security group information in that path to the FW.

If you need to import the user, user group, or security group information only in several sub-paths of an AD or LDAP server, repeatedly run the server searchdn searchdn command to specify the sub-paths (Search DNs) after specifying a Base DN. For one Base DN, a maximum of 16 sub-paths (Search DNs) can be specified.

No sub-path can be specified for the import from an Agile Controller server.

Before you run the server searchdn command, repeatedly run the display user-manage group-in-basedn command to view the organizational structure of a user, and select a Search DN from the organizational structure.
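
The length, quoting, and 16-entry rules above can be checked before the commands are entered on the FW. The following Python is an added example, not part of the Huawei documentation: the function names are hypothetical, it assumes a Search DN must sit strictly below the Base DN, and it splits on plain commas without handling escaped ones.

```python
MAX_SEARCH_DNS = 16  # per Base DN, from the usage guidelines


def split_rdns(dn):
    # Simplification (assumption): split on plain commas; escaped commas
    # (\,) inside a name are not handled. Comparison is case-insensitive.
    return [part.strip().lower() for part in dn.split(",")]


def check_search_dn(base_dn, search_dn):
    """Return the argument to pass to 'server searchdn', or raise ValueError."""
    if " " in search_dn:
        # A Search DN containing spaces must be enclosed in double quotation
        # marks; the 3 to 258 range then includes the two quote characters.
        arg = '"' + search_dn + '"'
        if not 3 <= len(arg) <= 258:
            raise ValueError("quoted Search DN must be 3 to 258 characters")
    else:
        arg = search_dn
        if not 1 <= len(arg) <= 256:
            raise ValueError("Search DN must be 1 to 256 characters")
    base, sub = split_rdns(base_dn), split_rdns(search_dn)
    # Assumption: a sub-path lies strictly below the Base DN, so its trailing
    # components must equal the Base DN and it must have at least one more.
    if len(sub) <= len(base) or sub[-len(base):] != base:
        raise ValueError("%r is not a sub-path of %r" % (search_dn, base_dn))
    return arg


def build_searchdn_commands(base_dn, search_dns):
    """Validate every Search DN and return the 'server searchdn' lines."""
    if len(search_dns) > MAX_SEARCH_DNS:
        raise ValueError("at most %d Search DNs per Base DN" % MAX_SEARCH_DNS)
    return ["server searchdn " + check_search_dn(base_dn, dn)
            for dn in search_dns]


if __name__ == "__main__":
    # Values taken from the cce.com example in the parameter description.
    wanted = ["ou=r&d1,ou=r&d,dc=cce,dc=com", "ou=r&d2,ou=r&d,dc=cce,dc=com"]
    for line in build_searchdn_commands("dc=cce,dc=com", wanted):
        print(line)
```

The check cannot confirm that a Search DN exists on the authentication server; that still has to be verified on the FW against the organizational structure.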

Example

# Set the path to dc=test,dc=com and sub-path to ou=werygh,ou=r&d,dc=test,dc=com, through which users, user groups, or security groups are imported from an authentication server to the FW.

<sysname> system-view
[sysname] user-manage import-policy policy1 from ldap
[sysname-import-policy1] server basedn dc=test,dc=com
[sysname-import-policy1] server searchdn ou=werygh,ou=r&d,dc=test,dc=com
Copyright © Huawei Technologies Co., Ltd.