ldap-config
Use the ldap-config configuration element to set up LDAP for operation.
Path
The ldap-config configuration element is in the session-router element.
ORACLE# configure terminal
ORACLE(configure)# session-router
ORACLE(session-router)# ldap-config
Parameters
The ldap-config configuration element contains the following parameters:
- name
- Specifies the name to assign to this LDAP configuration. This is a unique identifier. Valid values are alpha-numeric characters. Default is blank.
- state
- Specifies whether or not to enable the operational state of the LDAP
configuration. When the state is disabled, the ESD does not attempt to establish
any connection with the corresponding LDAP Server(s). Default is enabled.
Valid values are:
- enabled (default)
- disabled
- ldap-servers
- Specifies the IP address(es) and optionally the port number(s) for each LDAP Server you want to add to the LDAP configuration. When more than one server is specified, each server address should be separated by a space and the list enclosed within parentheses. Important detail includes:
- realm
- Specifies the name of the realm that determines which network interface to issue an LDAP query. Valid values are alpha-numeric characters. Default is blank.
- authentication-mode
- Specifies the authentication mode to use in the LDAP bind request. Default is Simple. In this mode the bind request is sent with no specific password encryption, so the credentials are protected only by the transport. Use an LDAPS connection with the LDAP Server to maintain security (see ldap-sec-type).
- username
- Specifies the username that the LDAP bind request uses for authentication before access is granted to the LDAP Server. Valid values are alpha-numeric characters. Default is blank.
- password
- Specifies the password, paired with the username attribute, that the LDAP bind request uses for authentication before access is granted to the LDAP Server. Valid values are alpha-numeric characters. Default is blank.
- ldap-search-base
- Enter the base Directory Number you can use for LDAP search requests. Valid values are alpha-numeric characters. Default is blank.
- timeout-limit
- Specifies the maximum amount of time, in seconds, for which the
ESD waits for LDAP responses from the LDAP server before timing out. When an
LDAP response is not received from the LDAP server within the time
specified, the request is retried based on the max-request-timeouts
parameter value. Values include:
- 15 (default)
- Range is 1 to 300 seconds
- max-request-timeouts
- Enter the maximum number of times that the LDAP Server is sent
LDAP requests before the ESD determines that the server is unreachable and
terminates the TCP/TLS connection. When an LDAP response is not received
within the time specified for the timeout-limit parameter value, the request
is retried the number of times specified for this max-request-timeouts
value. Values include:
- 3 (default)
- Range is 0 to 10 iterations
- tcp-keepalive
- Specifies whether or not the ESD keeps the TCP connection to
the LDAP Server alive. Default is disabled. Valid values are:
- enabled
- disabled (default)
- ldap-sec-type
- Specifies the LDAP security type to use when the ESD accesses
the LDAP server. This parameter enables the use of LDAP over TLS (LDAPS). If
you set a value for this parameter, you must also specify an
ldap-tls-profile value. Default is none. Valid values are:
- none (default) - No LDAP security type specified.
- ldaps - Method of securing LDAP communication using an SSL tunnel. This is denoted in LDAP URLs. The default port for LDAP over SSL is 636.
- ldap-tls-profile
- Specifies the name of the Transport Layer Security (TLS) profile that the ESD uses when connecting to the LDAP Server. The ldap-sec-type must be set with an ldaps value for the LDAP configuration to use this profile. Valid values are alpha-numeric characters. Default is blank.
- ldap-transactions
- Accesses the ldap-transactions subelement.
Path
ldap-config is an element under the session-router path. The full path from the topmost ACLI prompt is: .
Note:
This is a multi-instance configuration element.
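Example (added here, not Oracle code): a small offline check that applies the value ranges and parameter dependencies listed above to one ldap-config instance, including the case where a Simple bind is configured without ldaps. The "parameter value" input layout, the function names and the sample values are assumptions made for this illustration.

```python
# Allowed values, ranges and defaults as stated in the parameter list above.
ENUMS = {"state": {"enabled", "disabled"},
         "tcp-keepalive": {"enabled", "disabled"},
         "ldap-sec-type": {"none", "ldaps"}}
RANGES = {"timeout-limit": (1, 300), "max-request-timeouts": (0, 10)}
DEFAULTS = {"state": "enabled", "authentication-mode": "simple",
            "timeout-limit": "15", "max-request-timeouts": "3",
            "tcp-keepalive": "disabled", "ldap-sec-type": "none"}

def parse(text):
    """Parse 'parameter value' lines (assumed layout); unset keys keep defaults."""
    cfg = dict(DEFAULTS)
    for line in text.splitlines():
        parts = line.split(None, 1)
        if parts:
            cfg[parts[0]] = parts[1].strip() if len(parts) > 1 else ""
    return cfg

def lint(cfg):
    """Return sorted findings for one ldap-config instance."""
    findings = []
    for key, allowed in ENUMS.items():
        if cfg[key].lower() not in allowed:
            findings.append(f"{key}: invalid value {cfg[key]!r}")
    for key, (lo, hi) in RANGES.items():
        if not (cfg[key].isdigit() and lo <= int(cfg[key]) <= hi):
            findings.append(f"{key}: must be an integer from {lo} to {hi}")
    sec = cfg["ldap-sec-type"].lower()
    profile = cfg.get("ldap-tls-profile", "")
    simple = cfg["authentication-mode"].lower() == "simple"
    if sec == "ldaps" and not profile:
        findings.append("ldap-sec-type: ldaps set without ldap-tls-profile")
    if sec == "none" and profile:
        findings.append("ldap-tls-profile: not used unless ldap-sec-type is ldaps")
    if sec == "none" and simple and cfg.get("password"):
        findings.append("password: simple bind without ldaps is sent unencrypted")
    return sorted(findings)

# Constructed sample (not from a real device): simple bind, no LDAPS.
SAMPLE = """\
name             corpldap
ldap-servers     192.0.2.10:389
username         svcsbc
password         examplepw1
timeout-limit    600
ldap-tls-profile ldaptls
"""

if __name__ == "__main__":
    print("\n".join(lint(parse(SAMPLE))))
```

Adding ldap-sec-type ldaps and a timeout-limit within 1 to 300 to the sample clears all three findings.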