Oracle® Traffic Director Command-Line Reference 11g Release 1 (11.1.1.7) Part Number E21037-03
tadm enable-admin-ldap-auth common_options [--group-search-filter=filter] [--search-filter=filter] [--dc-suffix=suffix] [--group-search-attr=attribute] [--bind-dn=bind_dn] [--auth-expiring-url=url] [--timeout=timeout] --ldap-url=ldap://server:port/dc=acme,dc=com --allow-group=(comma separated list of valid group names)
Use this command to enable the administration server to authenticate against a Lightweight Directory Access Protocol (LDAP) server.
For information about common_options, run the help command.
--group-search-filter|-o
Specify the search filter to find group memberships for the user. Default value: uniquemember.
--search-filter|-f
Specify the search filter to find a user. Default value: uid. You can use the search options to interoperate with Microsoft Active Directory (MSAD). By default, MSAD does not store the user IDs in the usual uid attribute. Instead, it stores the user IDs in an attribute called samAccountName. Therefore, when LDAP searches an MSAD directory to find a user, it does not find a match because it attempts to match the uid attribute. In Oracle Traffic Director, you can set the --search-filter option to override the MSAD default attribute.
--dc-suffix|-x
Specify a suffix for the LDAP database. This parameter defines the root of the Domain Component (dc) tree and is relative to the base DN in the LDAP URL.
--group-search-attr|-t
Specify the LDAP attribute name that contains group name entries. Default value: CN.
--bind-dn|-d
Specify the name that the administration server uses to initially bind or log in to the directory server, for example, cn=Directory Manager. Binding determines the permission level that you are granted for the duration of a connection. The DN supplied in a bind request can be the DN of an alias entry.
--auth-expiring-url|-a
Specify the URL to which the server redirects the request if the password is going to expire soon.
--time-out|-m
Specify the timeout for LDAP authentication.
--ldap-url|-l
Specify the URL of the LDAP authentication database. The type of authentication database is specified in the URL scheme. The URL format is: ldap://ldaphost:port/<base-dn>
--allow-group|-g
Specify a comma-separated list of groups. Users belonging to these groups are allowed to log in.
tadm enable-admin-ldap-auth --user=admin --host=admin.example.com --password-file=./admin.passwd --port=8989 --no-prompt --rcfile=null --ldap-url=ldap://serverhost.com:3950/dc=xyz,dc=xyz,dc=xyz
The following exit values are returned:
0: command executed successfully
>0: error in executing the command
For more information about exit codes and syntax notations, run the help command.
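The following added example (not part of the Oracle reference) wraps the command for a Microsoft Active Directory setup: it checks the --ldap-url value against the documented ldap://ldaphost:port/<base-dn> format, rejects a malformed --allow-group list, sets --search-filter=samAccountName, and reports the exit value. The helper function names, the TADM override variable, the directory host and the group names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: enable admin LDAP authentication against Active Directory.
# Host names, group names and file paths are constructed placeholders.

# Accept only the URL shape the reference gives: ldap://ldaphost:port/<base-dn>
valid_ldap_url() {
    printf '%s\n' "$1" | grep -Eq \
        '^ldap://[A-Za-z0-9.-]+:[0-9]{1,5}/[A-Za-z0-9]+=[^,]+(,[A-Za-z0-9]+=[^,]+)*$'
}

# Accept a non-empty comma-separated list with no empty items, so a stray
# comma cannot turn into an unintended (empty) group name.
valid_group_list() {
    case "$1" in
        ''|,*|*,|*,,*) return 1 ;;
        *) return 0 ;;
    esac
}

# Usage: enable_msad_ldap_auth <ldap-url> <allow-group-list>
# Set TADM="echo tadm" to print the command instead of running it (assumption:
# this override exists only in this example, it is not a tadm feature).
enable_msad_ldap_auth() {
    url=$1
    grps=$2
    valid_ldap_url "$url" || { echo "bad --ldap-url: $url" >&2; return 2; }
    valid_group_list "$grps" || { echo "bad --allow-group: $grps" >&2; return 2; }
    # The password comes from a file, never from the command line.
    ${TADM:-tadm} enable-admin-ldap-auth \
        --user=admin --host=admin.example.com --port=8989 \
        --password-file=./admin.passwd --no-prompt \
        --search-filter=samAccountName \
        --ldap-url="$url" --allow-group="$grps"
    rc=$?
    # Per the reference: 0 is success, >0 is an error.
    [ "$rc" -eq 0 ] || echo "tadm failed with exit value $rc" >&2
    return "$rc"
}
```

Call it as enable_msad_ldap_auth 'ldap://ad.example.com:389/dc=example,dc=com' 'otd-admins,netops' and treat any nonzero return as a failed change.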