ldap-server host

Configures an LDAP-server host.

Syntax

ldap-server host [ use-vrf vrf-name ]

ldap-server host { ipaddr | FQDN } [ port portnum ] [ domain basedn ] [ timeout secs ] [ retries num ]

no ldap-server host { ipaddr | FQDN } [ use-vrf vrf-name ]

Command Default

Timeout: 5 seconds
Port: 389 (startTLS method) or 636 (for LDAP over TLS)
Retries: 5

Parameters

use-vrf vrf-name: Specifies a VRF though which to communicate with the LDAP server. See the Usage Guidelines.
ipaddr | FQDN: Specifies the IPv4 address or Fully Qualified Domain name of the Active Directory (AD) server. IPv6 is supported for Windows 2008 AD server only. The maximum supported length for the LDAP host name is 40 characters.
port portnum: Specifies the TCP port used to connect the AD server for authentication. The port range is from 1024 through 65535.
domain basedn: Describes the base domain name of the host.
timeout secs: Specifies the wait time for a server to respond. The range is 1 through 60 seconds.
retries num: Specifies the number of retries for the server connection. The range is 0 through 100.

Modes

Global configuration mode

Usage Guidelines

Use this command to sets up a connection to the Lightweight Directory Access Protocol (LDAP) server host, or modifies an existing configuration. A maximum of 5 LDAP servers can be configured on a device.

Enter no ldap-server host to delete the server configuration.

Invoking no on an attribute sets the attribute with its default value.

By default, all management services are enabled on the management VRF ("mgmt-vrf") and the default VRF ("default-vrf").

Examples

This example adds an LDAP server on port 3890 with retries set to 3.

device(config)# ldap-server host 10.24.65.6 
device(config-host-10.24.65.6/mgmt-vrf)# domain sec.extreme.com port 3890 retries 3

This example changes the domain in an existing configuration.

device(config)# ldap-server host 10.24.65.6
 device(config-host-10.24.65.6/mgmt-vrf)# domain security.extreme.com

This example deletes an LDAP server.

device(config)# no ldap-server host 10.24.65.6

This example resets the retries attribute to the default value.

device(config)# ldap-server host 10.24.65.6 
device(config-host-10.24.65.6/mgmt-vrf)# no retries

This example shows how attributes holding default values are not displayed.

device(config-host-10.24.65.6/mgmt-vrf)# do show running-config ldap-server host 10.24.65.6
ldap-server host 10.24.65.6 use-vrf mgmt-vrf
port 3890 retries 3 timeout 8 basedn security.extreme.com