
ad-server authentication manager

Function

The ad-server authentication manager command configures the administrator DN and password of an AD authentication server.

The undo ad-server authentication manager command deletes the administrator DN and password of an AD authentication server.

By default, no administrator DN and password are configured for an AD authentication server.

Format

ad-server authentication manager manager-dn password [ repassword ]

undo ad-server authentication manager

Parameters

Parameter Description Value

manager-dn

Specifies the administrator DN of an AD authentication server.

When manager-dn does not contain spaces, the value is a string of 1 to 180 characters. When manager-dn contains spaces, the value is a string of 3 to 182 characters and must be enclosed in double quotation marks (""), for example, "cn=test manager,cn=users".

This parameter must be used together with the ad-server authentication manager-with-base-dn enable command. For example, if the administrator account is under Base DN example.com and belongs to the users group, set the administrator DN to either of the following values:
  • cn=administrator,cn=users if ad-server authentication manager-with-base-dn enable is configured
  • cn=administrator,cn=users,dc=example,dc=com if undo ad-server authentication manager-with-base-dn enable is configured
NOTE:
  • The value supports multiple languages, including ASCII characters such as English and non-ASCII characters such as Chinese, German, and French.
  • You can use a command editor of the GBK or UTF-8 encoding format to edit characters. For details about how to switch the encoding format of the system and related precautions, see the language character-set utf-8 command.
  • The encoding format used by the client through which users access the network needs to be the same as that used by the device. Otherwise, users may fail to go online or user names may be displayed as garbled characters.
  • After the encoding format is switched, if the user names of some users among the original online users contain non-ASCII characters, these user names are displayed as garbled characters.

password

Specifies the administrator password of an AD authentication server.

The value is a string of 1 to 31 characters in simple text or 68 characters in cipher text. The simple text string cannot contain & or ". The system saves this string to the configuration file in cipher text. A simple text string of 1 to 16 characters is converted into a 48-byte cipher text string; a simple text string of 17 to 31 characters is converted into a 68-byte cipher text string.

NOTE:

For security purposes, it is recommended that the administrator password meet the minimum complexity requirements. That is, it needs to contain at least 8 characters and at least three of the following character types: uppercase letters, lowercase letters, digits (0 to 9), and special characters such as exclamation points (!), at signs (@), number signs (#), dollar signs ($), and percent signs (%).

repassword

Re-enters the administrator password.

The value must be the same as that of password.

Views

AD server template view

Default Level

3: Management level

Usage Guidelines

To configure the administrator DN and password of an AD authentication server, run the ad-server authentication manager command. If the ad-server authentication manager-anonymous enable command has been executed to allow anonymous access to the AD server, the configuration will be deleted after the ad-server authentication manager command is run.

Example

# Set the administrator DN and password of an AD authentication server to cn=manager and YsHsjx_202206, respectively.

<sysname> system-view
[sysname] ad-server template temp1
[sysname-ad-temp1] ad-server authentication manager cn=manager YsHsjx_202206 YsHsjx_202206
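
The following pre-flight check is an added example, not part of the original documentation or any vendor tool. It validates manager-dn and password against the limits in the Parameters section before the command is pushed to a device. The function names, the dc= heuristic for detecting a duplicated or missing Base DN, and the reading of the 3 to 182 range as including the quotation marks are assumptions.

```python
import re

def password_issues(pw):
    """Check a plain-text manager password against the limits stated on this page."""
    issues = []
    if not 1 <= len(pw) <= 31:
        issues.append("password: length must be 1 to 31 characters")
    if "&" in pw or '"' in pw:
        issues.append('password: must not contain & or "')
    # Assumption: anything that is not an ASCII letter or digit counts as "special".
    kinds = sum(bool(re.search(p, pw))
                for p in ("[A-Z]", "[a-z]", "[0-9]", "[^A-Za-z0-9]"))
    if len(pw) < 8 or kinds < 3:
        issues.append("password: below recommended complexity")
    return issues

def dn_issues(dn, with_base_dn):
    """Check manager-dn; with_base_dn mirrors 'manager-with-base-dn enable'."""
    issues = []
    # Assumption: the 3-182 range for DNs with spaces counts the two quotation
    # marks, so the DN itself is 1 to 180 characters either way.
    if not 1 <= len(dn) <= 180:
        issues.append("manager-dn: length must be 1 to 180 characters")
    # Heuristic (assumption): dc= components mean the Base DN is part of the value.
    has_dc = re.search(r"(?:^|,)\s*dc=", dn, re.IGNORECASE) is not None
    if with_base_dn and has_dc:
        issues.append("manager-dn: includes dc= although manager-with-base-dn is enabled")
    if not with_base_dn and not has_dc:
        issues.append("manager-dn: lacks dc= although manager-with-base-dn is disabled")
    return issues

def lint(dn, pw, with_base_dn):
    """All findings for one planned 'ad-server authentication manager' command."""
    return dn_issues(dn, with_base_dn) + password_issues(pw)

def render(dn, pw):
    """Build the command line, quoting the DN only when it contains spaces."""
    dn_arg = f'"{dn}"' if " " in dn else dn
    return f"ad-server authentication manager {dn_arg} {pw} {pw}"

if __name__ == "__main__":
    # Constructed samples based on the DN and password examples on this page.
    samples = [
        ("cn=manager", "YsHsjx_202206", True),
        ("cn=administrator,cn=users,dc=example,dc=com", "YsHsjx_202206", True),
        ("cn=administrator,cn=users", "abc&", False),
    ]
    for dn, pw, flag in samples:
        print(dn, flag, lint(dn, pw, flag) or "ok")
```
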
Copyright © Huawei Technologies Co., Ltd.