ldap-config

Use the ldap-config configuration element to set up LDAP for operation

Path

The ldap-config configuration element is in the session-router element.

ORACLE# configure terminal
ORACLE(configure)# session-router
ORACLE(session-router)# ldap-config

Parameters

The ldap-config configuration element contains the following parameters:

name
Specifies the name to assign to this LDAP configuration. This is a unique identifier. Valid values are alpha-numeric characters. Default is blank.

state
Specifies whether the LDAP configuration is operationally enabled. When the state is disabled, the ESD does not attempt to establish any connection with the corresponding LDAP Server(s). Default is enabled. Valid values are:
  • enabled (default)
  • disabled
ldap-servers
Specifies the IP address and, optionally, the port number of each LDAP Server to add to this LDAP configuration. When more than one server is specified, separate the server addresses with spaces and enclose the list in parentheses. Important details include:
  • The IP address must be entered in dotted decimal format (0.0.0.0). Default is blank.
  • Default ports include:
    • 389 (LDAP over TCP)
    • 636 (LDAP over TLS)
  • The first server listed is considered the primary LDAP Server, and the remaining servers are considered the secondary LDAP Servers.
  • The HUNT strategy is used to determine the active LDAP Server, wherein the system attempts to contact the first LDAP Server; if unreachable, it selects the second LDAP Server; if unreachable, it selects the third LDAP Server, and so forth.
realm
Specifies the name of the realm that determines the network interface from which LDAP queries are issued. Valid values are alpha-numeric characters. Default is blank.
authentication-mode
Specifies the authentication mode used in the LDAP bind request. Default is Simple. With Simple authentication, the password is not encrypted when the bind request is sent, so use an LDAPS connection to the LDAP Server to protect the credentials (see ldap-sec-type).
username
Specifies the username that the LDAP bind request uses for authentication before access is granted to the LDAP Server. Valid values are alpha-numeric characters. Default is blank.
password
Specifies the password paired with the username parameter, which the LDAP bind request uses for authentication before access is granted to the LDAP Server. Valid values are alpha-numeric characters. Default is blank.
ldap-search-base
Specifies the base Directory Number to use for LDAP search requests. Valid values are alpha-numeric characters. Default is blank.
timeout-limit
Specifies the maximum time, in seconds, that the ESD waits for a response to an LDAP request from the LDAP server before timing out. When no LDAP response is received within this time, the request is retried according to the max-request-timeouts parameter value. Values include:
  • 15 (default)
  • Range is 1 to 300 seconds
max-request-timeouts
Specifies the maximum number of times that LDAP requests are sent to the LDAP Server before the ESD determines that the server is unreachable and terminates the TCP/TLS connection. When an LDAP response is not received within the time specified by the timeout-limit parameter, the request is retried the number of times specified here. Values include:
  • 3 (default)
  • Range is 0 to 10 iterations
tcp-keepalive
Specifies whether or not the ESD keeps the TCP connection to the LDAP Server alive. Default is disabled. Valid values are:
  • enabled
  • disabled (default)
ldap-sec-type
Specifies the LDAP security type to use when the ESD accesses the LDAP server. This parameter enables the use of LDAP over TLS (LDAPS). If you set a value for this parameter, you must also specify an ldap-tls-profile value. Default is none. Valid values are:
  • none (default) - No LDAP security type specified.
  • ldaps - Secures LDAP communication in an SSL/TLS tunnel, denoted by the ldaps:// scheme in LDAP URLs. The default port for LDAP over SSL is 636.
ldap-tls-profile
Specifies the name of the Transport Layer Security (TLS) profile that the ESD uses when connecting to the LDAP Server. The ldap-sec-type must be set to ldaps for the LDAP configuration to use this profile. Valid values are alpha-numeric characters. Default is blank.
ldap-transactions
Accesses the ldap-transactions subelement.
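The following Python script is an added example, not Oracle code and not the ESD's own implementation: it models the ldap-servers list format, the HUNT server-selection strategy with the timeout-limit and max-request-timeouts retry semantics, and the dependency between ldap-sec-type and ldap-tls-profile described above, so a parameter set can be sanity-checked before it is entered at the ACLI. The server addresses and profile name in the sample are constructed, and the model assumes that "retried the number of times specified" means max-request-timeouts retries after the initial request, which the page does not state explicitly.

```python
# Added example (not Oracle code): a small model of the ldap-config behaviour
# described on this page, used to sanity-check a parameter set before it is applied.
import ipaddress
from typing import Callable, Dict, List, Optional, Tuple

Server = Tuple[str, int]

# Default ports from the ldap-servers description, keyed by ldap-sec-type.
DEFAULT_PORTS = {"none": 389, "ldaps": 636}


def parse_ldap_servers(value: str, sec_type: str = "none") -> List[Server]:
    """Parse an ldap-servers value such as "(10.0.0.1 10.0.0.2:636)" into (ip, port) pairs.

    Entries are space-separated inside parentheses (a single entry may omit them);
    each is a dotted-decimal IPv4 address with an optional :port. List order is
    preserved because the first entry is the primary server.
    """
    inner = value.strip()
    if inner.startswith("(") and inner.endswith(")"):
        inner = inner[1:-1]
    servers: List[Server] = []
    for token in inner.split():
        host, _, port = token.partition(":")
        ipaddress.IPv4Address(host)  # raises ValueError unless dotted-decimal IPv4
        servers.append((host, int(port) if port else DEFAULT_PORTS[sec_type]))
    if not servers:
        raise ValueError("at least one LDAP server is required")
    return servers


def validate_ldap_config(cfg: Dict[str, str]) -> List[str]:
    """Apply the value constraints and dependencies stated on this page.

    Returns a list of findings; an empty list means the parameter set is consistent.
    Missing keys take the page's defaults.
    """
    findings: List[str] = []
    sec_type = cfg.get("ldap-sec-type", "none")
    if sec_type not in DEFAULT_PORTS:
        return [f"error: ldap-sec-type {sec_type!r} is not one of none, ldaps"]
    if sec_type == "ldaps" and not cfg.get("ldap-tls-profile"):
        findings.append("error: ldap-sec-type ldaps requires an ldap-tls-profile")
    # Simple bind carries the password without encryption; only LDAPS protects it.
    if sec_type == "none" and cfg.get("authentication-mode", "Simple").lower() == "simple":
        findings.append("warning: Simple bind over plain LDAP sends the bind password "
                        "unencrypted; set ldap-sec-type ldaps with an ldap-tls-profile")
    timeout = int(cfg.get("timeout-limit", "15"))
    if not 1 <= timeout <= 300:
        findings.append(f"error: timeout-limit {timeout} is outside 1..300 seconds")
    retries = int(cfg.get("max-request-timeouts", "3"))
    if not 0 <= retries <= 10:
        findings.append(f"error: max-request-timeouts {retries} is outside 0..10")
    try:
        parse_ldap_servers(cfg.get("ldap-servers", ""), sec_type)
    except ValueError as exc:
        findings.append(f"error: ldap-servers: {exc}")
    return findings


def hunt(servers: List[Server], responds: Callable[[Server], bool],
         max_request_timeouts: int = 3) -> Tuple[Optional[Server], List[Tuple[Server, int, bool]]]:
    """HUNT strategy: try servers in listed order and stop at the first one that answers.

    A server is declared unreachable after the initial request plus max_request_timeouts
    retries all time out (assumption: the page's "retried N times" means N retries after
    the first request). `responds` stands in for the network and reports whether a
    request to that server got a response. Returns (active server or None, attempt log).
    """
    log: List[Tuple[Server, int, bool]] = []
    for server in servers:
        for attempt in range(1, max_request_timeouts + 2):
            ok = responds(server)
            log.append((server, attempt, ok))
            if ok:
                return server, log
    return None, log


def worst_case_failover_seconds(server_count: int, timeout_limit: int = 15,
                                max_request_timeouts: int = 3) -> int:
    """Seconds until every listed server has been declared unreachable, under the same
    (1 + retries) attempts-per-server assumption as hunt(); each attempt waits the full
    timeout-limit before the next one is sent."""
    return server_count * timeout_limit * (1 + max_request_timeouts)


if __name__ == "__main__":
    # Constructed sample parameter set (addresses and profile name are made up).
    sample = {
        "name": "ldap1",
        "ldap-servers": "(192.0.2.10 192.0.2.11:636)",
        "authentication-mode": "Simple",
        "ldap-sec-type": "ldaps",
        "ldap-tls-profile": "ldap-tls",
    }
    for line in validate_ldap_config(sample) or ["ok: no findings"]:
        print(line)
    servers = parse_ldap_servers(sample["ldap-servers"], sample["ldap-sec-type"])
    # Simulate the primary never answering so the hunt falls through to the secondary.
    active, attempts = hunt(servers, lambda s: s != servers[0])
    print("active server:", active, "after", len(attempts), "requests")
    print("worst-case failover for", len(servers), "servers:",
          worst_case_failover_seconds(len(servers)), "seconds")
```

With the page's defaults (timeout-limit 15, max-request-timeouts 3) the model gives 60 seconds before a dead primary is abandoned and 180 seconds before a three-server list is exhausted, which is the figure to weigh against SIP transaction timers when sizing these two parameters; the warning branch in validate_ldap_config is the check to run on any configuration still using ldap-sec-type none with Simple binds.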

Path

ldap-config is an element under the session-router path. The full path from the topmost ACLI prompt is: configure terminal, and then session-router, and then ldap-config.

Note:

This is a multi-instance configuration element.