The ldap-server authentication command configures an LDAP authentication server.
The undo ldap-server authentication command deletes an LDAP authentication server.
By default, no LDAP authentication server is configured.
ldap-server authentication ip-address [ port-number ] [ secondary | third ] [ no-ssl | ssl ]
undo ldap-server authentication [ secondary | third ]
| Parameter | Description | Value |
|---|---|---|
| ip-address | Specifies the IP address of an LDAP authentication server. | The value is in dotted decimal notation. |
| port-number | Specifies the port number of an LDAP authentication server. | The value is an integer that ranges from 1 to 65535. The default value is 389. If the ssl parameter is specified, the default value is 636. The port number must be the same as that on the LDAP server. NOTE: If the ssl parameter is specified, the default value 636 is used if the configured port number is 389. |
| secondary | Indicates the secondary LDAP authentication server. | - |
| third | Indicates the third LDAP authentication server. | - |
| no-ssl | Indicates that the device communicates with the LDAP server using LDAP. | - |
| ssl | This parameter must be specified when the LDAP authentication between the device and LDAP server uses LDAP over SSL. The device uses a CA certificate to authenticate the LDAP server. | - |
During LDAP authentication, the device and the LDAP server interact using LDAP, and LDAP data is not encrypted during transmission. For security purposes, you can specify the ssl parameter to enable SSL and use LDAP over SSL for encrypted transmission. LDAP server certificates need to be imported into the device to authenticate the LDAP server. If neither no-ssl nor ssl is specified, ssl is used by default. When ssl is deployed, LDAP over SSL must be enabled on the LDAP server. For details, see the operating system guide of the LDAP server.
# Configure the primary LDAP authentication server.
<sysname> system-view
[sysname] ldap-server template temp1
[sysname-ldap-temp1] ldap-server authentication 10.1.1.1 389 no-ssl

<sysname> system-view
[sysname] ldap-server template temp1
[sysname-ldap-temp1] ldap-server authentication 10.1.1.1 636 ssl