LDAP over TLS

Lightweight Directory Access Protocol (LDAP) is used in Authentication, Authorization, and Accounting (AAA) environments that consist of a centralized authentication server and multiple Network Access Servers (NAS) or clients. With LDAP support, management of SLX devices integrates into these environments.

Transport Layer Security (TLS) is a cryptographic protocol that provides communication security between client and server applications communicating over a network.

The revocation status of the certificate used by the LDAP over TLS (LDAPS) client can be checked using the Online Certificate Status Protocol (OCSP). LDAPS protects the session from the moment the connection is established: the TLS handshake completes before any LDAP message is exchanged, so no directory traffic is sent in cleartext.

By default, LDAPS uses port 636.

Support for LDAPS replaces support for StartTLS mode (in which a plaintext LDAP connection was upgraded to TLS after it had been opened). The commands related to LDAPS configuration are listed in Table 1.

Table 1. Related commands

Command                         Function
ldap-server host                Configures an LDAP server to connect to for external or remote authentication. The ldaps option specifies that LDAP over TLS is to be used.
ldap-server source-interface    Configures the LDAP server on a specific VRF with a source interface.
crypto import                   Imports a certificate for security configuration. The ldapca option imports the CA certificate used for LDAP over TLS.
cipherset ldap                  Configures the cipher list used for LDAP over TLS; on success, displays a confirmation message together with the configured cipher list.
show cipherset                  Displays the configured LDAP cipher list.
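The following is an added example, not code from the SLX documentation or from Extreme Networks. It shows, from the client side, what the settings in this section amount to: a TLS context for connecting to an LDAPS server on port 636 that requires a trusted CA chain, checks the server hostname, and refuses anything below TLS 1.2, plus an audit that resolves a cipher string the way the TLS library would and flags suites a reviewer would not want on a `cipherset ldap` line. It assumes the cipher list is written in OpenSSL cipher-string syntax; the function names, the policy thresholds and the constructed cipher descriptions are illustrative and not taken from the device CLI.

```python
import socket
import ssl

# Assumption (not from the SLX documentation): the standard LDAPS port.
LDAPS_PORT = 636


def classify_cipher(info):
    """Return a list of reviewer findings for one cipher suite.

    `info` has the shape of the dicts returned by ssl.SSLContext.get_ciphers():
    keys such as "kea", "symmetric", "digest", "aead" and "strength_bits".
    An empty list means the suite passes this (illustrative) policy.
    """
    findings = []
    kea = (info.get("kea") or "").lower()
    if kea == "kx-rsa":
        # Static RSA key transport: a leaked server key decrypts recorded sessions.
        findings.append("static RSA key exchange (no forward secrecy)")
    symmetric = (info.get("symmetric") or "").lower()
    if any(bad in symmetric for bad in ("rc4", "des", "rc2", "null")):
        findings.append(f"weak or null bulk cipher: {symmetric}")
    if (info.get("digest") or "").lower() == "md5":
        findings.append("MD5-based MAC")
    if not info.get("aead"):
        findings.append("not an AEAD cipher (CBC, MAC-then-encrypt)")
    if (info.get("strength_bits") or 0) < 128:
        findings.append(f"key strength below 128 bits: {info.get('strength_bits')}")
    return findings


def audit_cipher_string(spec):
    """Resolve an OpenSSL-style cipher string and classify every suite it selects.

    Returns [(name, protocol, findings), ...]. Raises ValueError when the
    string selects no usable suite, which is the same condition that would
    make a TLS handshake impossible on the device.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    try:
        ctx.set_ciphers(spec)
    except ssl.SSLError as exc:
        raise ValueError(f"cipher string selects no cipher: {spec!r}") from exc
    return [(c["name"], c["protocol"], classify_cipher(c)) for c in ctx.get_ciphers()]


def ldaps_client_context(cafile=None, ciphers=None):
    """Build the TLS context an LDAPS client should use.

    PROTOCOL_TLS_CLIENT already sets CERT_REQUIRED and check_hostname=True;
    the minimum version is raised to TLS 1.2 explicitly. `cafile` is the CA
    certificate that signed the LDAP server's certificate (the counterpart of
    importing an LDAP CA on the device); without it the OS trust store is used.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if cafile:
        ctx.load_verify_locations(cafile=cafile)
    else:
        ctx.load_default_certs()
    if ciphers:
        ctx.set_ciphers(ciphers)
    return ctx


def describe_context(ctx):
    """Plain-data summary of the security-relevant settings of a context."""
    return {
        "verify_mode": ctx.verify_mode.name,
        "check_hostname": ctx.check_hostname,
        "minimum_version": ctx.minimum_version.name,
    }


def connect_ldaps(host, ctx, port=LDAPS_PORT, timeout=5.0):
    """Open an LDAPS connection and return (peer certificate dict, OCSP URLs).

    Unlike StartTLS, the TLS handshake runs before any LDAP message is sent.
    Hostname verification happens inside wrap_socket because check_hostname
    is enabled. The "OCSP" entry of the peer certificate lists the responders
    named in its Authority Information Access extension; Python's ssl module
    does not query them itself, so a caller doing revocation checks would
    take the URL from here. Not invoked at import time (needs a live server).
    """
    raw = socket.create_connection((host, port), timeout=timeout)
    tls = ctx.wrap_socket(raw, server_hostname=host)
    cert = tls.getpeercert()
    tls.close()
    return cert, tuple(cert.get("OCSP", ()))


if __name__ == "__main__":
    print(describe_context(ldaps_client_context()))
    for name, proto, findings in audit_cipher_string("ECDHE-RSA-AES256-GCM-SHA384:AES128-SHA"):
        print(f"{name:32} {proto:8} {'; '.join(findings) or 'ok'}")
```

Running the block prints each suite that the example cipher string selects together with its findings; a string that matches no suite raises ValueError rather than silently leaving the client with no usable cipher.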