Phone Lines icon GFI Support Home Sign in
Start a conversation
  1. GFI Support
  2. GFI Support - Interface
  3. Articles

Exinda CLI: LDAP

Overview

 

This article provides information regarding the CLI command ldap

You can use the ldap command to configure the Exinda appliance to authenticate user login attempts with a remote LDAP (including Active Directory) server.

 

Information

 

NOTE:  The following syntax convention is used:
  • {}: Options are enclosed in braces and are separated by '|'
  • []: Optional keywords are enclosed in brackets
  • <>: User input is required where variables are enclosed in greater-than and less-than symbols

The following table describes the commands used for performing common actions related to ldap:

 

Action Description

 Command Parameter Description

To configure the LDAP user search base

 ldap base-dn <string> Not Applicable 

To configure the distinguished name (DN) to bind to the server

 ldap bind-dn <string> Not Applicable 

To specify the password for binding to the server

 ldap base-password <string> Not Applicable 
To specify the name of the group membership attribute ldap group-attribute {<string>|member|uniqueMember}
  • group-attribute <string> - Specify a custom attribute name
  • group-attribute member - groupOfNames of group membership attribute
  • group-attribute uniqueMember - groupOfUniqueNames membership attribute

To specify the distinguished name of the group required for authentication

 ldap group-dn <string> Not Applicable 

To specify the hostname or IP address of the LDAP server

 ldap host <hostname or IP address>

host <hostname or IP address> - IPv4 and IPv6 addresses can be used.
To specify the attribute that contains the login name ldap login-attribute {<string>|uid|sAMAccountName}
  • login-attribute <string> - Specify a custom attribute name
  • login-attribute uid - LDAP login name
  • login-attribute sAMAccountName - Active Directory login name

To specify the port of the LDAP server

 ldap port Not Applicable 

To enable LDAP referrals

 ldap referrals Not Applicable 
To specify to scope of the LDAP search ldap scope {one-level|subtree}
  • scope one-level - Search only the object's immediate children
  • scope subtree - Search all descendants
To configure the SSL (Secure Sockets Layer) and TLS (Transport Layer Security) settings ldap ssl {cert-verify|mode {none|ssl|tls}|ssl-port}
  • ssl cert-verify - Enable LDAP SSL/TLS certificate verification
  • ssl mode none - Do not use SSL or TLS to secure LDAP
  • ssl mode ssl - Secure LDAP using SSL over the SSL port
  • ssl mode tls - Secure LDAP using TLS over the default server port
  • ssl ssl-port <port> - Set the LDAP SSL port number

To specify the number of seconds before LDAP times out for binding to a server

 ldap timeout-bind <seconds> Not Applicable 

To specify the number of seconds before a search for user information on the LDAP server times out

 ldap timeout-search <seconds> Not Applicable 
To configure the supported version of LDAP ldap version {2|3}
  • version 2 - LDAP version 2 and earlier
  • version 3 - LDAP version 3 and current LDAP/Active Directory servers

 

Find more CLI commands.

Back to Top

 

Choose files or drag and drop files
Was this article helpful?
Yes
No

  1. Priyanka Bhotika

  2. Posted
  3. Updated

Comments