You can repeat the following CLI command to add more than one LDAP server.
<host> is the IP address or host name of the LDAP server.
<port> is the port number assigned for communication with the LDAP server.
<ldap_type> is one of the LDAP server types:
openldap – OpenLDAP server.
activeDirectory – Microsoft Active Directory.
<security> is one of the security options:
none – No security.
startTls – StartTLS.
tls – TLS.
<bind_type> is one of the bind options:
anonymousBind – Enable the anonymous Bind. Bind DN and password are not required.
authenticatedBind – Enable the Bind with authentication. Bind DN and password are required.
<base_DN> is the base DN for search.
<login_name_att> is the login name attribute.
<user_entry_class> is the User Entry Object Class.
You can add one or multiple optional parameters, such as specifying the Bind DN or certificate upload, to an LDAP-server-adding command. If adding multiple optional parameters, add them to the end of the command and separate them with a space.
When you add a new LDAP successfully, a list of all LDAP servers appears, including the newly-added one.
At the config:# prompt, type authentication ldap add op‑ldap.company.com 389 openldap none anonymousBind dc=company,dc=com uid inetOrgPerson, and press Enter.
Example 2 Add a Microsoft Active Directory Server
At the config:# prompt, type authentication ldap add ac‑ldap.company.com 389 activeDirectory none anonymousBind dc=company,dc=com sAMAccountName user adDomain company.com, and press Enter.
Example 3 Add an LDAP Server with a TLS Certificate Uploaded
At the config:# prompt, type authentication ldap add ldap.company.com 389 openldap startTls ... inetOrgPerson verifyServerCertificate true, and press Enter.
Optional Parameters
<filter> is the user search subfilter you specify.
<bind_DN> is the bind DN.
<AD_domain> is the Active Directory Domain.
<verify_cert> is one of the options:
true – Enable the verification of the LDAP server certificate.
false – Disable the verification of the LDAP server certificate.
<allow_exp_cert> is one of the options:
true – Certificates that are either expired or not valid yet are all accepted.
false – Only valid certificates are accepted.
At the config:# prompt, type authentication ldap add <host> <port> <ldap_type> <security> <bind_type> <base_DN> <login_name_att> <user_entry_class> adDomain <AD_domain>, and press Enter.
Example 5 Set up an LDAP Server with the Bind DN
At the config:# prompt, type authentication ldap add <host> <port> <ldap_type> <security> <bind_type> <base_DN> <login_name_att> <user_entry_class> bindDN <bind_DN>, and press Enter. When prompted, type or copy the certificate content in the CLI, and press Enter.
Note: The certificate's content is located between the line containing "BEGIN CERTIFICATE" and the line containing "END CERTIFICATE".
Example 6 Set up an LDAP Server with the Bind DN and Bind Password Configured
At the config:# prompt, type authentication ldap add op‑ldap.company.com 389 openldap none authenticatedBind cn=Manager,dc=company,dc=com uid inetOrgPerson bindDN user@company.com, and press Enter. When prompted, type the bind DN password, and press Enter. Re-type the same password.
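As an added example (not part of the product's own CLI or of this page), a small Python helper that assembles the authentication ldap add command from the parameters defined above and flags the settings a reviewer would question before committing them: security none (cleartext directory traffic) and verifyServerCertificate false (TLS without server authentication). The LdapServer and build_command names are assumptions; only the keywords and the bindDN, adDomain and verifyServerCertificate parameters come from this page.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

LDAP_TYPES = {"openldap", "activeDirectory"}
SECURITY = {"none", "startTls", "tls"}
BIND_TYPES = {"anonymousBind", "authenticatedBind"}


@dataclass
class LdapServer:  # assumed helper type, not a product API
    host: str
    port: int
    ldap_type: str
    security: str
    bind_type: str
    base_dn: str
    login_name_att: str
    user_entry_class: str
    bind_dn: Optional[str] = None       # optional: bindDN <bind_DN>
    ad_domain: Optional[str] = None     # optional: adDomain <AD_domain>
    verify_cert: Optional[bool] = None  # optional: verifyServerCertificate true|false


def build_command(s: LdapServer) -> Tuple[str, List[str]]:
    """Return (command line, weak-setting warnings); raise ValueError on invalid input."""
    if s.ldap_type not in LDAP_TYPES or s.security not in SECURITY \
            or s.bind_type not in BIND_TYPES:
        raise ValueError("invalid ldap_type, security or bind_type keyword")
    if not 1 <= s.port <= 65535:
        raise ValueError("port out of range")
    if s.bind_type == "authenticatedBind" and not s.bind_dn:
        raise ValueError("authenticatedBind requires the bindDN parameter")
    warnings = []
    if s.security == "none":
        warnings.append("security none: directory traffic, including any bind password, is sent in cleartext")
    if s.security != "none" and s.verify_cert is False:
        warnings.append("verifyServerCertificate false: the LDAP server's TLS identity is not checked")
    if s.ldap_type == "activeDirectory" and not s.ad_domain:
        warnings.append("activeDirectory without adDomain")
    parts = ["authentication", "ldap", "add", s.host, str(s.port), s.ldap_type,
             s.security, s.bind_type, s.base_dn, s.login_name_att, s.user_entry_class]
    # Optional parameters go at the end of the command, separated by spaces.
    if s.bind_dn:
        parts += ["bindDN", s.bind_dn]
    if s.ad_domain:
        parts += ["adDomain", s.ad_domain]
    if s.verify_cert is not None:
        parts += ["verifyServerCertificate", "true" if s.verify_cert else "false"]
    return " ".join(parts), warnings
```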