ldap-server (PKI realm view)

Function

The ldap-server command configures an LDAP server.

The undo ldap-server command cancels the configuration.

By default, no LDAP server is configured.

Format

ldap-server { authentication ldap-dn ldap-password | ip ip-address [ port port | version version ] ^* }

undo ldap-server [ authentication ]

Parameters

Parameter	Description	Value
authentication ldap-dn ldap-password	Indicates the user name and password of an LDAP server.	ldap-dn: The value is a string of 1 to 32 case-sensitive characters. ldap-password: The value is a string of 1 to 32 case-sensitive characters without spaces or question marks. If the character string is enclosed in double quotation marks, it can contain spaces and question marks. The system saves this string to the configuration file in ciphertext. A string of 1-16 characters is converted into a 48-byte cipher-text string; a string of 17-32 characters is converted into a 68-byte cipher-text string.
ip ip-address	Specifies the IP address of an LDAP server.	The value is in dotted decimal notation.
port port	Specifies the port number of an LDAP server.	The value is an integer that ranges from 1 to 65535. The default value is 389.
version version	Specifies the version number of LDAP.	The value is 2 or 3. The default value is 3.

Views

PKI realm view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

When a PKI entity uses LDAP to update CRL for certificate verification, the PKI entity obtains CRL from the LDAP server. In this situation, you need to specify an LDAP server.

Prerequisites

The automatic CRL update mode is set to LDAP using the crl ldap command.

Example

# Configure the IP address to 10.1.1.1, port number to 3389, and LDAP version number to 2 for an LDAP server.

<sysname> system-view
[sysname] pki realm d1
[sysname-pki-realm-d1] crl ldap
[sysname-pki-realm-d1] ldap-server ip 10.1.1.1 port 3389 version 2