Configuring ldap-config

You use the ldap-config object in the ACLI to create and enable an LDAP configuration on the ESD.

To configure ldap-config:

  1. In Superuser mode, type configure terminal and press Enter.
    ACMEPACKET# configure terminal
  2. Type session-router and press Enter to access the session router-related objects.
    ACMEPACKET(configure)# session-router
    ACMEPACKET(session-router)#
  3. Type ldap-config and press Enter to access the LDAP configuration-related attributes.
    ACMEPACKET(session-router)# ldap-config
    ACMEPACKET(ldap-config)#
    • name—Enter a name to assign to this LDAP configuration. This is a unique identifier. Valid values are alpha-numeric characters. Default is blank.

      XML Tag: name

      ACMEPACKET(ldap-config)# name ldapquery
    • state—Specify whether or not to enable the operational state of the LDAP configuration. When the state is disabled, ESD does not attempt to establish any connection with the corresponding LDAP Server(s). Default is enabled. Valid values are:
      • enabled (default)
      • disabled

      XML Tag: state

      ACMEPACKET(ldap-config)# state enabled
    • ldap-servers—Enter the IP address(es) and optionally the port number(s) for each LDAP Server you want to add to the LDAP configuration. When more than one server is specified, each server address should be separated by a space and the list enclosed within parentheses. The first server listed is considered the primary LDAP Server, and the remaining servers are considered the secondary LDAP Servers. The HUNT strategy is used to determine the active LDAP Server (the ESD selects the first LDAP Server; if it is unreachable, it selects the second LDAP Server; if that is unreachable, it selects the third LDAP Server, etc.). Default ports used are 389 (for LDAP over TCP) and 636 (LDAP over TLS). IP Address must be entered in dotted decimal format (0.0.0.0). Default is blank.

      XML Tag: ldapServers

      ACMEPACKET(ldap-config)# ldap-servers (172.44.0.20:636 172.44.0.21:389)
    • realm—Enter the name of the realm that determines which network interface the ESD uses to issue LDAP queries. Valid values are alpha-numeric characters. Default is blank.

      XML Tag: realm

      ACMEPACKET(ldap-config)# realm net172
    • authentication-mode—Specify the authentication mode to use in the LDAP bind request. Default is Simple. No specific password encryption is done when sending the bind request. You can use an LDAPS connection with the LDAP Server to maintain security (see ldap-sec-type).

      XML Tag: authType

      ACMEPACKET(ldap-config)# authentication-mode Simple
    • username—Enter the username that the LDAP bind request uses for authentication before access is granted to the LDAP Server. Valid values are alpha-numeric characters. Default is blank.

      XML Tag: username

      ACMEPACKET(ldap-config)# username ENGLAB\Administrator
    • password—Enter the password to be paired with the username attribute, that the LDAP bind request uses for authentication before access is granted to the LDAP Server. Valid values are alpha-numeric characters. Default is blank.

      XML Tag: password

      ACMEPACKET(ldap-config)# password sips1234
    • ldap-search-base—Enter the base Directory Number you can use for LDAP search requests. Valid values are alpha-numeric characters. Default is blank.

      XML Tag: ldapSearchBase

      ACMEPACKET(ldap-config)# ldap-search-base CN=Users,DC=englab,DC=acmepacket,DC=com
    • timeout-limit—Enter the maximum amount of time, in seconds, for which the ESD waits for a response to an LDAP request from the LDAP server before timing out. When an LDAP response is not received from the LDAP server within the time specified, the request is retried based on the max-request-timeouts parameter value. Valid values are 1 to 300 seconds. Default is 15.

      XML Tag: timeLimit

      ACMEPACKET(ldap-config)# timeout-limit 0
    • max-request-timeouts—Enter the maximum number of times that the LDAP Server is sent LDAP requests before the ESD determines that the server is unreachable and terminates the TCP/TLS connection. When an LDAP response is not received within the time specified for the timeout-limit parameter value, the request is retried the number of times specified for this max-request-timeouts value. Valid values are 0 to 10. Default is 3.

      XML Tag: maxReqTimeouts

      ACMEPACKET(ldap-config)# max-request-timeouts 3
    • tcp-keepalive—Specify whether or not the ESD keeps the TCP connection to the LDAP Server alive. Default is disabled. Valid values are:
      • enabled
      • disabled (default)

      XML Tag: tcpKeepalive

      ACMEPACKET(ldap-config)# tcp-keepalive enabled
    • ldap-sec-type—Specify the LDAP security type to use when the ESD accesses the LDAP server. This parameter enables the use of LDAP over TLS (LDAPS). If you set a value for this parameter, you must also specify an ldap-tls-profile value. Default is none. Valid values are:
      • none (default) - No LDAP security type specified.
      • ldaps - Method of securing LDAP communication using an SSL tunnel. This is denoted in LDAP URLs. The default port for LDAP over SSL is 636.

      XML Tag: ldapSecType

      ACMEPACKET(ldap-config)# ldap-sec-type ldaps
    • ldap-tls-profile—Enter the name of the Transport Layer Security (TLS) profile that the ESD uses when connecting to the LDAP Server. The ldap-sec-type must be set to ldaps for the LDAP configuration to use this profile. Valid values are alpha-numeric characters. Default is blank.

      XML Tag: ldapTLSProfile

      ACMEPACKET(ldap-config)# ldap-tls-profile ldap-tls
    • ldap-transactions—Subelement to ldap-config. For more information on this element, see Configuring ldap-transactions.

      XML Tag: ldapTransaction

      ACMEPACKET(ldap-config)# ldap-transactions
      ACMEPACKET(ldap-transactions)#

    XML Example for ldap-config

    <ldapConfig name='ldapquery'
    		state='enabled'
    		ldapServers='172.44.0.20:636'
    		realm='net172'
    		authType='Simple'
    		username='ENGLAB\Administrator'
    		password='sips1234'
    		ldapSearchBase='CN=Users,DC=englab,DC=acmepacket,DC=com'
    		timeLimit='0'
    		maxReqTimeouts='3'
    		tcpKeepalive='enabled'
    		ldapSecType='LDAPS'
    		ldapTlsProfile='ldap-tls'
    		lastModifiedBy='admin@console'
    		lastModifiedDate='2012-06-28 20:25:13'
    		objectId='102'>
    		<key>ldapquery</key>
    </ldapConfig>
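    The following script is an added example, not Oracle or Acme Packet code, that audits an ldapConfig element against the constraints documented in the steps above: the 1 to 300 second range for timeLimit, the 0 to 10 range for maxReqTimeouts, the rule that ldapSecType ldaps requires a TLS profile, dotted-decimal server addresses in HUNT order, and the note that a Simple bind does no password encryption unless LDAPS is used. It reads the attribute names as they appear in the XML example (accepting both the ldapTlsProfile spelling used there and the ldapTLSProfile spelling in the XML Tag line); the sample elements embedded in it are constructed from the page's values, and the port-389-with-ldaps check is a heuristic of this example, not an ESD validation rule.

```python
"""Audit an ESD ldap-config element against the documented constraints.

Constructed example for this page; not Oracle/Acme Packet code. Accepts the
XML form of ldap-config (the ldapConfig element) and the CLI ldap-servers
list syntax '(ip[:port] ip[:port] ...)'.
"""
import ipaddress
import xml.etree.ElementTree as ET

# Documented defaults: 389 for LDAP over TCP, 636 for LDAP over TLS (LDAPS).
DEFAULT_PORT = {"none": 389, "ldaps": 636}

# Constructed sample: the page's own XML example, attributes copied verbatim.
PAGE_EXAMPLE = """<ldapConfig name='ldapquery' state='enabled'
    ldapServers='172.44.0.20:636' realm='net172' authType='Simple'
    username='ENGLAB\\Administrator' password='sips1234'
    ldapSearchBase='CN=Users,DC=englab,DC=acmepacket,DC=com'
    timeLimit='0' maxReqTimeouts='3' tcpKeepalive='enabled'
    ldapSecType='LDAPS' ldapTlsProfile='ldap-tls'><key>ldapquery</key></ldapConfig>"""


def parse_ldap_servers(value):
    """Parse the ldap-servers list into [(ip, port), ...] in HUNT order.

    The first entry is the primary server, the rest are secondaries. A port
    of None means "use the default for the configured security type".
    Raises ValueError if an address is not dotted-decimal IPv4.
    """
    servers = []
    for token in value.strip().strip("()").split():
        host, sep, port = token.partition(":")
        ipaddress.IPv4Address(host)  # validates dotted decimal (0.0.0.0 form)
        servers.append((host, int(port) if sep else None))
    return servers


def audit_ldap_config(xml_text):
    """Return a list of (severity, message) findings for one ldapConfig element."""
    attrs = ET.fromstring(xml_text).attrib
    findings = []

    if not attrs.get("name"):
        findings.append(("error", "name is required and must be unique"))

    try:
        servers = parse_ldap_servers(attrs.get("ldapServers", ""))
    except ValueError as exc:
        servers = []
        findings.append(("error", f"ldapServers: bad address: {exc}"))
    if not servers:
        findings.append(("error", "ldapServers: at least one server is required"))

    time_limit = int(attrs.get("timeLimit", 15))  # documented default 15
    if not 1 <= time_limit <= 300:
        findings.append(("error", f"timeLimit={time_limit} outside documented range 1-300"))

    max_timeouts = int(attrs.get("maxReqTimeouts", 3))  # documented default 3
    if not 0 <= max_timeouts <= 10:
        findings.append(("error", f"maxReqTimeouts={max_timeouts} outside documented range 0-10"))

    sec_type = attrs.get("ldapSecType", "none").lower()
    tls_profile = attrs.get("ldapTlsProfile") or attrs.get("ldapTLSProfile") or ""
    if sec_type == "ldaps" and not tls_profile:
        findings.append(("error", "ldapSecType=ldaps requires an ldap-tls-profile"))

    # The page: a Simple bind does no password encryption; LDAPS is the
    # documented way to protect it.
    if attrs.get("authType", "Simple").lower() == "simple" and sec_type != "ldaps":
        findings.append(("warning", "Simple bind without LDAPS sends the bind "
                                    "password unencrypted"))

    # Heuristic of this example: the plain-LDAP default port with LDAPS set
    # usually means the server list and security type disagree.
    for host, port in servers:
        if sec_type == "ldaps" and port == DEFAULT_PORT["none"]:
            findings.append(("warning", f"{host}:{port} is the plain-LDAP port "
                                        "but ldapSecType is ldaps"))
    return findings


if __name__ == "__main__":
    for severity, message in audit_ldap_config(PAGE_EXAMPLE):
        print(f"{severity}: {message}")
```

Run against the page's own XML example, the audit reports a single error: timeLimit is 0, outside the documented 1 to 300 range. Replacing it with the default of 15 yields no findings, and switching ldapSecType to none on the same element produces the Simple-bind warning.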