Oracle® Rack Universal Power Distribution Unit User's Guide

Updated: May 2019
 
 

Add an LDAP Server

You can repeat the following CLI command to add more than one LDAP server.


Note -  If any LDAP server settings are identical to an existing LDAP server, you can add it by copying the existing one, instead of using the ldap add command.

  1. To add an LDAP server, at the config:# prompt, type authentication ldap add <host> <port> <ldap_type> <security> <bind_type> <base_DN> <login_name_att> <user_entry_class> "Optional Parameters", and press Enter.

    <host> is the IP address or host name of the LDAP server.

    <port> is the port number assigned for communication with the LDAP server.

    <ldap_type> is one of the LDAP server types:

    • openldap – OpenLDAP server.

    • activeDirectory – Microsoft Active Directory.

    <security> is one of the security options:

    • none – No security.

    • startTls – StartTLS.

    • tls – TLS.

    <bind_type> is one of the bind options:

    • anonymousBind – Enable anonymous bind. A bind DN and password are not required.

    • authenticatedBind – Enable bind with authentication. A bind DN and password are required.

    <base_DN> is the base DN for search.

    <login_name_att> is the login name attribute.

    <user_entry_class> is the User Entry Object Class.


    Note -  Optional Parameters are one or more parameters. They are required only when the server settings need to specify these parameters. For example, if you set the <bind_type> to authenticatedBind, add the parameter bindDN.

    You can add one or multiple optional parameters, such as specifying the Bind DN or certificate upload, to an LDAP-server-adding command. If adding multiple optional parameters, add them to the end of the command and separate them with a space.


    When you add a new LDAP server successfully, a list of all LDAP servers appears, including the newly added one.

  2. Verify all settings of the newly added server.

Example 1  Add an OpenLDAP Server

At the config:# prompt, type authentication ldap add op-ldap.company.com 389 openldap none anonymousBind dc=company,dc=com uid inetOrgPerson, and press Enter.

Example 2  Add a Microsoft Active Directory Server

At the config:# prompt, type authentication ldap add ac-ldap.company.com 389 activeDirectory none anonymousBind dc=company,dc=com sAMAccountName user adDomain company.com, and press Enter.

Example 3  Add an LDAP Server with a TLS Certificate Uploaded

At the config:# prompt, type authentication ldap add ldap.company.com 389 openldap startTls ... inetOrgPerson verifyServerCertificate true, and press Enter.

Optional Parameters

| Optional Parameter | Description |
|---|---|
| userSearchSubfilter <filter> | User search subfilter. |
| bindDN <bind_DN> | The system prompts you to enter and re-confirm the bind password after you add the bind DN parameter to the command. |
| adDomain <AD_domain> | Active Directory domain name. |
| verifyServerCertificate <verify_cert> | After you set certificate verification to true, the system prompts you to upload a certificate. |
| allowExpiredCertificate <allow_exp_cert> | Whether to accept a certificate that is expired or not yet valid. |

<filter> is the user search subfilter you specify.

<bind_DN> is the bind DN.

<AD_domain> is the Active Directory Domain.

<verify_cert> is one of the options:

  • true – Enable the verification of the LDAP server certificate.

  • false – Disable the verification of the LDAP server certificate.

<allow_exp_cert> is one of the options:

  • true – Certificates that are either expired or not valid yet are all accepted.

  • false – Only valid certificates are accepted.

Example 4  Specify an Active Directory Domain Name

At the config:# prompt, type authentication ldap add <host> <port> <ldap_type> <security> <bind_type> <base_DN> <login_name_att> <user_entry_class> adDomain <AD_domain>, and press Enter.

Example 5  Set up an LDAP Server with the Bind DN

At the config:# prompt, type authentication ldap add <host> <port> <ldap_type> <security> <bind_type> <base_DN> <login_name_att> <user_entry_class> bindDN <bind_DN>, and press Enter. When prompted, type or copy the certificate content in the CLI, and press Enter.

Note: The certificate's content is located between the line containing "BEGIN CERTIFICATE" and the line containing "END CERTIFICATE".

Example 6  Set up an LDAP Server with the Bind DN and Bind Password Configured

At the config:# prompt, type authentication ldap add op-ldap.company.com 389 openldap none authenticatedBind cn=Manager,dc=company,dc=com uid inetOrgPerson bindDN user@company.com, and press Enter. When prompted, type the bind DN password, and press Enter. Re-type the same password.
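
The security, bind and certificate options described above can be checked before a command is typed at the config:# prompt. The following Python script is an added example, not part of the guide or the PDU firmware: it parses authentication ldap add lines in the syntax shown above and reports settings worth reviewing. The function names, the sample commands, the bind DN cn=pdu-bind and the use of port 636 with tls are assumptions made for illustration.

```python
import shlex

# Positional arguments of "authentication ldap add", in the order the guide lists them.
POSITIONAL = ["host", "port", "ldap_type", "security", "bind_type",
              "base_DN", "login_name_att", "user_entry_class"]
# Optional parameters from the guide's table; each is followed by one value.
OPTIONAL = {"userSearchSubfilter", "bindDN", "adDomain",
            "verifyServerCertificate", "allowExpiredCertificate"}


def parse_ldap_add(command):
    """Split one 'authentication ldap add ...' line into a dict of settings."""
    tokens = shlex.split(command)
    # 3 command words + 8 positional arguments = at least 11 tokens.
    if tokens[:3] != ["authentication", "ldap", "add"] or len(tokens) < 11:
        raise ValueError("not a complete 'authentication ldap add' command")
    settings = dict(zip(POSITIONAL, tokens[3:11]))
    rest = tokens[11:]
    if len(rest) % 2:
        raise ValueError("optional parameter without a value")
    for name, value in zip(rest[0::2], rest[1::2]):
        if name not in OPTIONAL:
            raise ValueError("unknown optional parameter: " + name)
        settings[name] = value
    return settings


def audit(command):
    """Return review findings for one command (hypothetical helper)."""
    s = parse_ldap_add(command)
    findings = []
    if s["security"] == "none":
        findings.append("security none: connection to the LDAP server is not encrypted")
    elif s.get("verifyServerCertificate") != "true":
        findings.append("verifyServerCertificate is not set to true")
    if s.get("allowExpiredCertificate") == "true":
        findings.append("allowExpiredCertificate true: expired or not yet valid certificates are accepted")
    if s["bind_type"] == "anonymousBind":
        findings.append("anonymousBind: directory must permit unauthenticated searches")
    elif s["bind_type"] == "authenticatedBind" and "bindDN" not in s:
        findings.append("authenticatedBind without a bindDN parameter")
    return findings


# Constructed sample commands in the guide's syntax (host names and DNs are made up).
WEAK = ("authentication ldap add op-ldap.company.com 389 openldap none "
        "anonymousBind dc=company,dc=com uid inetOrgPerson")
HARDENED = ("authentication ldap add ldap.company.com 636 openldap tls authenticatedBind "
            "dc=company,dc=com uid inetOrgPerson bindDN cn=pdu-bind,dc=company,dc=com "
            "verifyServerCertificate true allowExpiredCertificate false")
```

Calling audit(WEAK) returns two findings (unencrypted connection, anonymous bind); audit(HARDENED) returns an empty list.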