LDAP

Options for authenticating with LDAP servers.

  • Servers - The LDAP servers to use.

Properties

Protocol

The protocol to use when communicating with the LDAP server.

| Option | Label | Description |
|---|---|---|
| raw | LDAP (raw TCP) | Connect to the LDAP server with raw TCP. Conventionally, LDAP servers accept connections on port 389. |
| start-tls | LDAP (StartTLS) | Connect to the LDAP server with raw TCP and upgrade to a TLS connection using StartTLS. Conventionally, LDAP servers accept connections on port 389. |
| tls | LDAPS (TLS) | Connect to the LDAP server with TLS encryption. Conventionally, LDAP servers accept connections on port 636. |
  • Data type: string select
  • Default: raw
  • Configuration
  • Required

CLI: (cli)> config auth method <index> ldap protocol

Client key

The private key used for the TLS session.

  • Data type: string
  • Configuration
  • Optional

CLI: (cli)> config auth method <index> ldap client-key

Client certificate

The certificate used to identify this device to the LDAP server.

  • Data type: string
  • Configuration
  • Optional

CLI: (cli)> config auth method <index> ldap client-certificate

Verify server

Options to perform server verification.

| Option | Label | Description |
|---|---|---|
| no | Do not verify server | No server verification will be performed. |
| root-ca | Root CA certificate | Verify server using public root CA certificates. |
| certificate | Custom certificate | Verify server using a custom certificate. |
  • Data type: string select
  • Default: no
  • Configuration
  • Required

CLI: (cli)> config auth method <index> ldap verify-server

Server certificate

The LDAP server's certificate, or the certificate used to sign the server's certificate.

  • Data type: string
  • Configuration
  • Required

CLI: (cli)> config auth method <index> ldap server-certificate

Bind DN

Authenticate with the LDAP server using this user DN.

Leave empty to bind anonymously.

  • Data type: string
  • Configuration
  • Optional

CLI: (cli)> config auth method <index> ldap bind-dn

Bind password

The password associated with the bind user.

  • Data type: string
  • Configuration
  • Optional

CLI: (cli)> config auth method <index> ldap bind-password

Search base

The base DN under which LDAP searches are performed, e.g. "dc=example,dc=org".

  • Data type: string
  • Configuration
  • Required

CLI: (cli)> config auth method <index> ldap search-base

User attribute

User attribute to use with this server.

  • Data type: string
  • Default: uid
  • Configuration
  • Required

CLI: (cli)> config auth method <index> ldap user-attribute

Group attribute

Group attribute to use with this server.

  • Data type: string
  • Default: ou
  • Configuration
  • Required

CLI: (cli)> config auth method <index> ldap group-attribute

Timeout

Timeout before moving to the next server.

  • Data type: integer
  • Units: seconds
  • Default: 5
  • Configuration
  • Required

CLI: (cli)> config auth method <index> ldap timeout
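
The Protocol, Verify server, client certificate and bind settings above interact, and the defaults (raw, no) leave the session unencrypted and the server unauthenticated. The following audit is an added example, not part of the product or its documentation: the function name, severity labels and sample values are constructed, and it assumes password-based (simple) binds and that server-certificate is only consulted when verify-server is set to certificate.

```python
# Added example: offline audit of the LDAP settings documented on this page.
# Keys mirror the CLI leaf names; all sample values below are constructed.
DEFAULTS = {"protocol": "raw", "verify-server": "no"}  # defaults listed above
PROTOCOLS = ("raw", "start-tls", "tls")
VERIFY_MODES = ("no", "root-ca", "certificate")


def audit_ldap(settings):
    """Return (severity, message) findings for one LDAP auth method."""
    cfg = {**DEFAULTS, **settings}
    proto, verify = cfg["protocol"], cfg["verify-server"]
    if proto not in PROTOCOLS or verify not in VERIFY_MODES:
        return [("error", f"invalid protocol/verify-server: {proto!r}/{verify!r}")]

    findings = []
    if proto == "raw":
        findings.append(("high", "protocol=raw: LDAP traffic, including any "
                                 "bind password, is unencrypted"))
        if verify != "no":
            findings.append(("warn", f"verify-server={verify} checks nothing "
                                     "because no TLS session is established"))
    elif verify == "no":
        findings.append(("high", f"protocol={proto} with verify-server=no: "
                                 "encrypted, but the server is not authenticated"))

    # Assumption: server-certificate only matters when verify-server=certificate.
    if verify == "certificate" and not cfg.get("server-certificate"):
        findings.append(("error", "verify-server=certificate needs server-certificate"))
    # TLS client authentication needs both the private key and the certificate.
    if bool(cfg.get("client-key")) != bool(cfg.get("client-certificate")):
        findings.append(("error", "set client-key and client-certificate together"))
    if not cfg.get("bind-dn"):
        sev = "warn" if cfg.get("bind-password") else "info"
        findings.append((sev, "bind-dn is empty: the bind is anonymous"))
    return findings


# Constructed configurations: page defaults plus a bind account, then a hardened one.
WEAK = {"bind-dn": "cn=svc,dc=example,dc=org", "bind-password": "constructed",
        "search-base": "dc=example,dc=org"}
HARDENED = {**WEAK, "protocol": "tls", "verify-server": "certificate",
            "server-certificate": "<PEM of the signing CA, placeholder>"}

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_ldap(cfg) or "no findings")
```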