Oracle® Traffic Director Command-Line Reference 11g Release 1 (11.1.1.7), Part Number E21037-03
tadm enable-admin-ldap-auth common_options [--group-search-filter=filter] [--search-filter=filter] [--dc-suffix=suffix] [--group-search-attr=attribute] [--bind-dn=bind_dn] [--auth-expiring-url=url] [--timeout=timeout] --ldap-url=ldap://server:port/dc=acme,dc=com --allow-group=(comma separated list of valid group names)
Use this command to enable the administration server to authenticate against a Lightweight Directory Access Protocol (LDAP) server.
For information about common_options, run the help command.
--group-search-filter|-o: Specify the search filter to find group memberships for the user. Default value: uniquemember.
--search-filter|-f: Specify the search filter to find a user. Default value: uid. You can use the search options to interoperate with Microsoft Active Directory (MSAD). By default, MSAD does not store user IDs in the usual uid attribute. Instead, it stores them in an attribute called samAccountName. As a result, an LDAP search of an MSAD directory that tries to match the uid attribute does not find the user. In Oracle Traffic Director, you can set the --search-filter option to override the default and match the attribute that MSAD uses.
--dc-suffix|-x: Specify a suffix for the LDAP database. This parameter defines the root of the Domain Component (dc) tree and is relative to the base DN in the LDAP URL.
--group-search-attr|-t: Specify the LDAP attribute name that contains group name entries. Default value: CN.
--bind-dn|-d: Specify the name that the administration server uses to initially bind or log in to the directory server, for example, cn=Directory Manager. Binding determines the permission level that you are granted for the duration of a connection. The DN supplied in a bind request can be the DN of an alias entry.
--auth-expiring-url|-a: Specify the URL to which the server redirects the request if the password is going to expire soon.
--time-out|-m: Specify the timeout for LDAP authentication.
--ldap-url|-l: Specify the URL of the LDAP authentication database. The type of authentication database is specified in the URL scheme. The URL format is: ldap://ldaphost:port/<base-dn>
--allow-group|-g: Specify a comma-separated list of groups. Users belonging to these groups are allowed to log in.
tadm enable-admin-ldap-auth --user=admin --host=admin.example.com --password-file=./admin.passwd --port=8989 --no-prompt --rcfile=null --ldap-url=ldap://serverhost.com:3950/dc=xyz,dc=xyz,dc=xyz
The following exit values are returned:
0: command executed successfully
>0: error in executing the command
For more information about exit codes and syntax notations, run the help command.
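The following wrapper is an added example, not part of the Oracle reference. It checks the --ldap-url format and the --allow-group list before running the command with the MSAD search filter described above, and reports a non-zero exit value. The function names, the TADM variable, and all hosts, DNs and group names are assumptions made for illustration; requiring an explicit port follows the documented URL format.

```shell
#!/bin/sh
# Added example, not Oracle code. Hosts, DNs and group names are constructed.

# Return 0 if $1 has the documented form ldap://ldaphost:port/<base-dn>.
valid_ldap_url() {
    rest=${1#ldap://}
    [ "$rest" != "$1" ] || return 1            # wrong scheme, e.g. "ldap:://"
    hostport=${rest%%/*}
    [ "$hostport" != "$rest" ] || return 1     # no "/<base-dn>" part
    base_dn=${rest#*/}
    host=${hostport%%:*}
    [ "$host" != "$hostport" ] || return 1     # no ":port" part
    port=${hostport#*:}
    [ -n "$host" ] || return 1
    case $port in ''|*[!0-9]*) return 1 ;; esac
    case $base_dn in *=*) return 0 ;; *) return 1 ;; esac
}

# Return 0 if $1 is a comma-separated list with no empty group names.
valid_group_list() {
    case ",$1," in *,,*) return 1 ;; *) return 0 ;; esac
}

# Enable admin LDAP auth against MSAD: look users up by samAccountName
# instead of the default uid. $1 = LDAP URL, $2 = allowed groups,
# $3 = optional bind DN. Set TADM=echo for a dry run that prints the command.
# Returns 2 when this wrapper rejects an argument, else tadm's exit value.
enable_msad_auth() {
    valid_ldap_url "$1"   || { echo "rejected --ldap-url: $1" >&2; return 2; }
    valid_group_list "$2" || { echo "rejected --allow-group: $2" >&2; return 2; }
    "${TADM:-tadm}" enable-admin-ldap-auth \
        --user=admin --host=admin.example.com --port=8989 \
        --password-file=./admin.passwd --no-prompt \
        --search-filter=samAccountName ${3:+"--bind-dn=$3"} \
        "--ldap-url=$1" "--allow-group=$2" ||
        { rc=$?; echo "tadm exit value $rc: LDAP auth not enabled" >&2; return "$rc"; }
}
```

Run it as enable_msad_auth 'ldap://ad.example.com:389/dc=example,dc=com' 'otd-admins,netops' after sourcing the file; a bind DN that contains spaces, such as cn=Directory Manager, must be passed as one quoted argument.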