Name | Synopsis | Description | Options | Examples | Exit Status | See Also
enable-admin-ldap-auth <connect_options> [--echo|-e] [--no-prompt|-Q] [--verbose|-v] [--auth-expiring-url|-a url] [--bind-dn|-b binddn] [--bind-password|-b bindpw] [--group-search-filter|-o filter] [--search-filter|-f filter] [--group-search-attr|-t attr] [--dc-suffix|-x suffix] [--allow-group|-g group names] --ldap-url|-l ldap://server:port/dc=acme,dc=com
Use this command to enable the administration server to authenticate against a Lightweight Directory Access Protocol (LDAP) server.
For a description of connect_options, see help(1).
--echo|-e
Specify this option to print this command on the standard output before running it. This option also prints the default value for every optional option for which you did not provide a value.
--no-prompt|-Q
If you specify this option, wadm does not prompt for passwords while running this command. Use this option if you have defined all passwords in a password file and specified the file using the --password-file connect_option.
--verbose|-v
Specify this option to display verbose output.
--auth-expiring-url|-a
Specify the URL to which the server redirects the request if the password is going to expire soon.
--bind-dn|-b
Specify the name that the administration server uses to initially bind (or log in) to the directory server, for example, cn=Directory Manager. Binding determines the permission level you are granted for the duration of a connection. The DN supplied in a bind request can be the DN of an alias entry.
--bind-password|-b
Specify the password for authentication. You can define the --bind-password|-b in a password file.
--group-search-filter|-o
Specify the search filter to find group memberships for the user. The default value is uniquemember.
--search-filter|-f
Specify the search filter to find a user. The default value is uid. You can use the search options to interoperate with Microsoft Active Directory (MSAD). By default, MSAD does not store user IDs in the usual uid attribute. Instead, it stores them in an attribute called samAccountName. Therefore, when LDAP searches an MSAD directory to find a user, it does not find a match because it attempts to match on the uid attribute. In Web Server 7.0 or higher, you can set the --search-filter option to override the MSAD default attribute.
--group-search-attr|-t
Specify the LDAP attribute name that contains group name entries. The default value is CN.
--dc-suffix|-x
Specify a suffix for the LDAP database.
--allow-group|-g
Specify a comma-separated list of groups. Users belonging to these groups are allowed to log in.
--ldap-url|-l
Specify the URL of the LDAP authentication database. The type of authentication database is specified in the URL scheme.
wadm enable-admin-ldap-auth --user=admin --host=serverhost --password-file=../admin.passwd --port=8989 --ssl=true --no-prompt --rcfile=null --ldap-url=ldap://serverhost.com:3950/dc=xyz,dc=xyz,dc=xyz --bind-dn=cn="Directory Manager"
wadm enable-admin-ldap-auth --user=admin --host=serverhost --password-file=../admin.passwd --port=8989 --ssl=true --ldap-url=ldap://serverhost:port/dc=acme,dc=com --allow-group="group1,group2,group3"
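The following wrapper is an added example, not part of the wadm documentation. It checks the inputs before enabling LDAP authentication against Active Directory with --search-filter=samAccountName. The function names, the permission check on the password file and the requirement for an explicit --allow-group list are choices of this example; the connect option values are the ones used in the examples above.

```shell
#!/bin/sh
# Added example: pre-flight checks for enable-admin-ldap-auth against MSAD.
# Function names are hypothetical; host, port and user are the values from
# the page's own examples and must be replaced for a real deployment.

# Print the wadm arguments, one per line, or fail with a reason on stderr.
# usage: build_ldap_auth_args <password-file> <ldap-url> <bind-dn> <groups>
build_ldap_auth_args() (
  pwfile=$1 url=$2 binddn=$3 groups=$4

  # Passwords are read from the password file (--no-prompt), so this example
  # insists that the file exists and grants nothing to group or other.
  [ -f "$pwfile" ] || { echo "password file not found: $pwfile" >&2; exit 1; }
  mode=$(ls -ld "$pwfile" | cut -c5-10)
  [ "$mode" = "------" ] || { echo "password file is group/world accessible" >&2; exit 1; }

  # --ldap-url must follow the synopsis form ldap://server:port/base-dn.
  printf '%s\n' "$url" | grep -Eq \
    '^ldap://[A-Za-z0-9.-]+:[0-9]+/[A-Za-z0-9]+=[^,]+(,[A-Za-z0-9]+=[^,]+)*$' \
    || { echo "malformed --ldap-url: $url" >&2; exit 1; }

  [ -n "$binddn" ] || { echo "missing --bind-dn" >&2; exit 1; }

  # Policy of this example: always name the groups allowed to log in,
  # and reject lists with empty entries such as "a,,b".
  printf '%s\n' "$groups" | grep -Eq '^[^,]+(,[^,]+)*$' \
    || { echo "empty or malformed --allow-group list" >&2; exit 1; }

  # --echo makes wadm print the command and the defaults it applies.
  printf '%s\n' enable-admin-ldap-auth \
    --user=admin --host=serverhost --port=8989 --ssl=true \
    "--password-file=$pwfile" --no-prompt --echo \
    "--ldap-url=$url" "--bind-dn=$binddn" \
    --search-filter=samAccountName \
    "--allow-group=$groups"
)

# Run wadm with the checked arguments and return wadm's exit status.
enable_ldap_auth() {
  args=$(build_ldap_auth_args "$@") || return 1
  # Split on newlines only, so "cn=Directory Manager" stays one argument.
  ( IFS='
'; set -f; exec wadm $args )
}
```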
The following exit values are returned:
command executed successfully
error in executing the command