ldap-server host

Configures an LDAP server to connect to for external or remote authentication.
Syntax

ldap-server host [ use-vrf { mgmt-vrf | default-vrf | vrf-name } ]

ldap-server host { ipaddr | hostname } [ port portnum ] [ ldaps ] [ domain basedn ] [ timeout secs ] [ retries num ]

ldap-server host { ipaddr | hostname } [ source-interface { ethernet eth-id | loopback loopback-id | management mgmt-addr | ve ve-id } ]

no ldap-server host { ipaddr | hostname } [ source-interface { ethernet eth-id | loopback loopback-id | management mgmt-addr | ve ve-id } ]

no ldap-server host { ipaddr | hostname } [ use-vrf vrf-name ]
  
	 Command Default
			By default, the LDAP server is not configured.
 
	 
 
Parameters

- use-vrf
  Specifies a VRF through which to communicate with the LDAP server.
  - mgmt-vrf
    (Default) Specifies the management VRF.
  - default-vrf
    Specifies the default-vrf.
  - vrf-name
    Specifies a VRF name.
- ipaddr | hostname
  Specifies the IPv4 or IPv6 address or host name of the LDAP server. IPv6 is supported for Windows 2008 AD server only. The maximum supported length for the LDAP host name is 40 characters.
- port portnum
  Specifies the TCP port used to connect to the LDAP server for authentication. The port range is from 1024 through 65535. By default, port 389 is used for the startTLS method and port 636 is used for LDAP over TLS.
- ldaps
  Specifies that LDAP over TLS is to be used instead of startTLS.
- domain basedn
  Describes the base domain name of the host.
- timeout secs
  Specifies the wait time for a server to respond. The range is 1 through 60 seconds. The default is 5 seconds.
- retries num
  Specifies the number of retries for the server connection. The range is 0 through 100. The default is 5.
- source-interface
  Indicates the type of interface to use as the source interface or address.
  - ethernet eth-id
    Specifies the Ethernet interface to use as the source interface, in slot/port format (0/1).
  - loopback loopback-id
    Specifies the Loopback interface to use as the source interface.
  - management mgmt-addr
    Specifies the management address (active MM or chassis IP) to use as the source address.
  - ve ve-id
    Specifies the VE interface to use as the source interface.
 
Modes
 
		 Global configuration mode 
		
 
	 
 
	 Usage Guidelines
 
Use this command to set up or change a connection to the Lightweight Directory Access Protocol (LDAP) server host. A maximum of 5 LDAP servers can be configured on a device.

Use the no ldap-server host form of the command to delete the server configuration.

When a source interface is not specified, the default source is the IP address of the interface from which the packet egresses.

If, at run time, the source interface is not up or the IP address for the source interface was not configured, the command behaves as though the source interface was not configured.

Invoking no on an attribute sets the attribute to its default value.
 
	 
 Examples
 
	  
This example adds an LDAP server on port 3890 with retries set to 3.

device(config)# ldap-server host 10.24.65.6
device(config-host-10.24.65.6/mgmt-vrf)# domain sec.extreme.com port 3890 retries 3

This example changes the domain in an existing configuration.

device(config)# ldap-server host 10.24.65.6
device(config-host-10.24.65.6/mgmt-vrf)# domain security.extreme.com

This example deletes an LDAP server.

device(config)# no ldap-server host 10.24.65.6

This example resets the retries attribute to the default value.

device(config)# ldap-server host 10.24.65.6
device(config-host-10.24.65.6/mgmt-vrf)# no retries

This example shows how attributes that hold default values are not displayed.

device(config-host-10.24.65.6/mgmt-vrf)# do show running-config ldap-server host 10.24.65.6
ldap-server host 10.24.65.6 use-vrf mgmt-vrf
port 3890 retries 3 timeout 8 basedn security.extreme.com

This example configures an Ethernet interface as the source interface.

device(config)# ldap-server host 10.1.1.100
device(config-host-10.1.1.100/mgmt-vrf)# source-interface ethernet 0/1

This example configures a VE interface as the source interface.

device(config)# ldap-server host 10.1.1.100
device(config-host-10.1.1.100/mgmt-vrf)# source-interface ve 10
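
Because running-config omits attributes that hold their default values, a review of saved LDAP configuration has to reconstruct the effective port, timeout and retries. The following Python example is added here and is not part of the original reference or any vendor code: it parses show running-config ldap-server output in the form shown above, fills in the defaults, and checks explicitly set values against the ranges on this page. The function names, the second sample stanza, and the assumption that ldaps appears as a bare keyword in the output are hypothetical.

```python
# Ranges and the server limit as stated on this page.
RANGES = {"port": (1024, 65535), "timeout": (1, 60), "retries": (0, 100)}
MAX_SERVERS = 5
# First stanza is the page's own output; the second is constructed.
SAMPLE = """\
ldap-server host 10.24.65.6 use-vrf mgmt-vrf
port 3890 retries 3 timeout 8 basedn security.extreme.com
ldap-server host 10.1.1.100 use-vrf mgmt-vrf
ldaps timeout 90
"""

def parse_running_config(text):
    """Return one dict per 'ldap-server host' stanza with effective values."""
    servers = []
    for line in text.splitlines():
        tok = line.split()
        if tok[:2] == ["ldap-server", "host"] and len(tok) > 2:
            servers.append({"host": tok[2], "ldaps": False, "explicit": set()})
            tok = tok[3:]
        i = 0
        while servers and i < len(tok):
            cur, key = servers[-1], tok[i]
            val = tok[i + 1] if i + 1 < len(tok) else None
            if key == "ldaps":  # assumption: shown as a bare keyword
                cur["ldaps"] = True
            elif key in RANGES and val is not None and val.isdigit():
                cur[key] = int(val)
                cur["explicit"].add(key)
                i += 1
            elif key in ("use-vrf", "domain", "basedn") and val is not None:
                cur["vrf" if key == "use-vrf" else "basedn"] = val
                i += 1
            i += 1
    for s in servers:  # fill in the defaults that running-config hides
        defaults = {"vrf": "mgmt-vrf", "timeout": 5, "retries": 5,
                    "port": 636 if s["ldaps"] else 389}
        s.update({k: v for k, v in defaults.items() if k not in s})
    return servers

def audit(servers):
    """Return findings against the limits documented on this page."""
    findings = []
    if len(servers) > MAX_SERVERS:
        findings.append(f"{len(servers)} servers, maximum is {MAX_SERVERS}")
    for s in servers:
        for key in sorted(s["explicit"]):
            lo, hi = RANGES[key]
            if not lo <= s[key] <= hi:
                findings.append(f"{s['host']}: {key} {s[key]} outside {lo}-{hi}")
    return findings
```

Only explicitly configured values are range-checked, since the default ports 389 and 636 lie outside the configurable 1024 through 65535 range.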