enable-admin-ldap-auth

Syntax

tadm enable-admin-ldap-auth common_options [--group-search-filter=filter] [--search-filter=filter] [--dc-suffix=suffix]
[--group-search-attr=attribute] [--bind-dn=bind_dn] [--auth-expiring-url=url] [--timeout=timeout] --ldap-url=ldap://server:port/dc=acme,dc=com --allow-group=(comma-separated list of valid group names)

Description

Use this command to enable the administration server to authenticate against a Lightweight Directory Access Protocol (LDAP) server.

Options

For information about common_options, run the help command.

--group-search-filter|-o

Specify the search filter to find group memberships for the user. Default value: uniquemember.

--search-filter|-f

Specify the search filter to find a user. Default value: uid. You can use this option to interoperate with Microsoft Active Directory (MSAD). By default, MSAD does not store user IDs in the usual uid attribute; it stores them in an attribute called samAccountName. Therefore, when LDAP searches an MSAD directory to find a user, it does not find a match, because it attempts to match the uid attribute. In Oracle Traffic Director, you can set the --search-filter option (for example, --search-filter=samAccountName) to override the MSAD default attribute.

--dc-suffix|-x

Specify a suffix for the LDAP database. This parameter defines the root of the Domain Component (dc) tree and is relative to the base DN in the LDAP URL.

--group-search-attr|-t

Specify the LDAP attribute name that contains group name entries. Default value: CN.

--bind-dn|-d

Specify the name that the administration server uses to initially bind or log in to the directory server, for example, cn=Directory Manager. Binding determines the permission level that you are granted for the duration of a connection. The DN supplied in a bind request can be the DN of an alias entry.

--auth-expiring-url|-a

Specify the URL to which the server redirects the request if the password is going to expire soon.

--time-out|-m

Specify the timeout for LDAP authentication.

--ldap-url|-l

Specify the URL of the LDAP authentication database. The type of authentication database is specified in the URL scheme. The URL format is: ldap://ldaphost:port/<base-dn>

--allow-group|-g

Specify a comma-separated list of groups. Only users belonging to these groups are allowed to log in.

Example

tadm enable-admin-ldap-auth --user=admin --host=admin.example.com --password-file=./admin.passwd --port=8989 --no-prompt --rcfile=null --ldap-url=ldap://serverhost.com:3950/dc=xyz,dc=xyz,dc=xyz
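The following pre-flight script is an added example; it is not part of the Oracle Traffic Director documentation and not code from tadm. It validates the values most often mis-typed for this command before it is run: the --ldap-url format (ldap://host:port/base-dn), a non-empty --allow-group list, and the permissions of the --password-file, and it warns when the URL is plain ldap:// rather than ldaps://, since a cleartext URL sends the bind DN's password to the directory server unencrypted. The host names, ports, DNs, file names and group names are constructed placeholders; the MSAD case shows --search-filter=sAMAccountName in place of the uid default described above.

```shell
#!/bin/sh
# Added example, not from the Oracle Traffic Director documentation or tadm:
# a pre-flight wrapper for "tadm enable-admin-ldap-auth". All host names,
# ports, DNs, file names and group names below are constructed placeholders.

# Returns 0 when $1 has the form ldap://host:port/base-dn or
# ldaps://host:port/base-dn (the format --ldap-url expects), 1 otherwise.
check_ldap_url() {
    url=$1
    case "$url" in
        ldap://*|ldaps://*) ;;              # also rejects the "ldap:://" typo
        *) return 1 ;;
    esac
    rest=${url#*://}                        # host:port/base-dn
    hostport=${rest%%/*}
    [ "$hostport" != "$rest" ] || return 1  # no "/" means no base DN
    basedn=${rest#*/}
    host=${hostport%%:*}
    port=${hostport#*:}
    [ -n "$host" ] || return 1
    [ "$port" != "$hostport" ] || return 1  # no ":port" part
    case "$port" in ''|*[!0-9]*) return 1 ;; esac
    [ "$port" -ge 1 ] && [ "$port" -le 65535 ] || return 1
    case "$basedn" in dc=*) return 0 ;; *) return 1 ;; esac
}

# Returns 0 when the URL uses LDAP over TLS (ldaps://). With a plain ldap://
# URL the bind DN's password crosses the network in the clear.
ldap_url_is_tls() {
    case "$1" in ldaps://*) return 0 ;; *) return 1 ;; esac
}

# Returns 0 when the password file exists and is readable by its owner only
# (mode 0600 or stricter); it holds the administration server credential.
check_password_file() {
    [ -f "$1" ] || return 1
    perms=$(ls -ld "$1" | cut -c5-10)       # group and other permission bits
    [ "$perms" = "------" ]
}

# Prints the tadm command line for the given settings, or returns 1 with a
# diagnostic on stderr. Arguments: ldap-url allow-groups search-filter password-file
build_tadm_command() {
    url=$1 groups=$2 search_filter=$3 passwd_file=$4
    check_ldap_url "$url" || { echo "bad --ldap-url: $url" >&2; return 1; }
    [ -n "$groups" ] || { echo "--allow-group must not be empty" >&2; return 1; }
    check_password_file "$passwd_file" || { echo "password file missing or too permissive: $passwd_file" >&2; return 1; }
    ldap_url_is_tls "$url" || echo "warning: $url is cleartext LDAP; bind password is not encrypted in transit" >&2
    printf 'tadm enable-admin-ldap-auth --user=admin --host=admin.example.com --port=8989 --no-prompt --password-file=%s --ldap-url=%s --allow-group=%s --search-filter=%s\n' \
        "$passwd_file" "$url" "$groups" "$search_filter"
}

# Usage with constructed values for an MSAD directory, where the user search
# attribute is sAMAccountName rather than the uid default. Set RUN_EXAMPLE=1
# to print the command; nothing is sent to tadm by this script.
if [ "${RUN_EXAMPLE:-0}" = 1 ]; then
    build_tadm_command 'ldaps://ldap.example.com:636/dc=example,dc=com' \
        'otd-admins' 'sAMAccountName' './admin.passwd'
fi
```

The script only prints the command line; pipe its output to sh, or paste it, once the checks pass. check_ldap_url deliberately requires an explicit port and a dc= base DN because that is the shape the --ldap-url description and the example above use.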

Exit Codes

The following exit values are returned:

0: command executed successfully

>0: error in executing the command

For more information about exit codes and syntax notations, run the help command.

See Also

help, disable-admin-ldap-auth, get-admin-ldap-auth-prop