OceanStor 9000 V5 7.0 Command Reference 03


create domain ldap

Function

The create domain ldap command is used to set the LDAP domain in the system.

Format

create domain ldap < server > < port > < transfer_type > < base_dn > [ bind_dn=? ] [ user_path=? ] [ group_path=? ] [ netgroup_dn=? ] [ user_search_scope=? ] [ group_search_scope=? ] [ netgroup_search_scope=? ] [ timelimit=? ] [ idle_timelimit=? ] [ bindlevel=? ] [ bind_using_AD_cred=? ] [ bind_timelimit=? ]

Parameters

| Parameter | Description | Value |
|---|---|---|
| server | The IP address of the LDAP server. | IPv4 or IPv6 address, such as ip1, ip2, ip3. |
| port | The port of the LDAP server. | The port ranges from 1 to 65535. Set the port according to the port ID configured on the LDAP server. |
| transfer_type | LDAP transfer protocol type. | LDAP or LDAPS. |
| base_dn | The base DN of LDAP. | The value consists of 1 to 255 characters, for example, dc=ldap2222, dc=example, dc=com. |
| bind_dn | The bind DN of LDAP. | The value consists of 1 to 255 characters, for example, cn=root, dc=ldap2222, dc=example, dc=com. |
| user_path | User path. | The value consists of 1 to 63 characters. |
| group_path | Group path. | The value consists of 1 to 63 characters. |
| bind_password | Bind password. | The value consists of 1 to 63 characters. |
| timelimit | Timeout threshold of waiting for a response to an LDAP query request. | The value is an integer ranging from 0 to 2147483647. NOTE: "0" indicates no timeout limit. |
| bind_timelimit | Timeout threshold of setting up connections between a client and server. | The value is an integer ranging from 1 to 2147483647. |
| idle_timelimit | Timeout threshold of client connections when the LDAP connection is idle. | The value is an integer ranging from 0 to 2147483647. NOTE: A value of 0 means no timeout limit. |
| netgroup_dn | Filter criteria for querying netgroups. If this parameter is not configured, the querying starts from the root directory. | The value is in the format of "cn=?, ou=?, dc=?" and consists of 1 to 1024 characters. |
| user_search_scope | Range for querying the user. | "subtree": queries all items at all levels, including the specified base DN; "onelevel": queries all items at the next level of the base DN; "base": only queries items under the base DN. |
| netgroup_search_scope | Range for querying the netgroup. | "subtree": queries all items at all levels, including the specified base DN; "onelevel": queries all items at the next level of the base DN; "base": only queries items under the base DN. |
| group_search_scope | Range for querying the group. | "subtree": queries all items at all levels, including the specified base DN; "onelevel": queries all items at the next level of the base DN; "base": only queries items under the base DN. |
| bind_using_AD_cred | Whether to use the AD domain account to bind. | "true": uses the AD domain account to bind; "false": does not use the AD domain account to bind. |
| bindlevel | Way of binding the storage array with the LDAP server. | "simple": simple authentication method; "SASL": SASL authentication method. |

Level

Device administrator

Usage Guidelines

None

Example

Set the LDAP domain in the system.

admin:/>create domain ldap 10.40.25.8 389 LDAP dc=company,dc=com bind_dn=cn=user2,ou=u,dc=company,dc=com group_path=ou=g,dc=company,dc=com user_path=ou=u,dc=company,dc=com timelimit=3 bind_timelimit=2 idle_timelimit=3 netgroup_dn=dc=huawei,dc=com user_search_scope=subtree group_search_scope=subtree netgroup_search_scope=subtree bind_using_AD_cred=true bindlevel=simple
Please input your password:*****
Please enter your new password again:*****
CAUTION: If you use the LDAP protocol, there may be security risks.
Do you wish to continue?(y/n)y
Command executed successfully.
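
An added example, not part of the Huawei documentation: a Python check that validates a "create domain ldap" line against the value ranges in the Parameters section and warns on the case the CLI's CAUTION prompt concerns. It assumes parameter values contain no spaces and that transfer_type LDAP means the connection has no TLS; the function name lint and the sample addresses and DNs are constructed for illustration.

```python
# Added example (not Huawei code): lint a "create domain ldap" line against this page's ranges.
SCOPES = {"subtree", "onelevel", "base"}
POSITIONAL = ("server", "port", "transfer_type", "base_dn")
MAX_LEN = {"base_dn": 255, "bind_dn": 255, "user_path": 63,
           "group_path": 63, "netgroup_dn": 1024}
INT_RANGE = {"timelimit": (0, 2147483647), "idle_timelimit": (0, 2147483647),
             "bind_timelimit": (1, 2147483647)}
ENUMS = {"user_search_scope": SCOPES, "group_search_scope": SCOPES,
         "netgroup_search_scope": SCOPES, "bindlevel": {"simple", "SASL"},
         "bind_using_AD_cred": {"true", "false"}}
OPTIONAL = (set(MAX_LEN) | set(INT_RANGE) | set(ENUMS)) - {"base_dn"}

def lint(cmdline):
    """Return (errors, warnings) for one command line; assumes values contain no spaces."""
    tokens = cmdline.split()
    if tokens[:3] != ["create", "domain", "ldap"] or len(tokens) < 7:
        return ["not a complete create domain ldap command"], []
    p, errors, warnings = dict(zip(POSITIONAL, tokens[3:7])), [], []
    for tok in tokens[7:]:
        key, sep, value = tok.partition("=")  # first '=' only: DN values contain '='
        if not sep or key not in OPTIONAL:
            errors.append(f"{tok}: not an optional parameter in the Format line")
        else:
            p[key] = value
    if not (p["port"].isdecimal() and 1 <= int(p["port"]) <= 65535):
        errors.append("port: must be 1 to 65535")
    if p["transfer_type"] not in ("LDAP", "LDAPS"):
        errors.append("transfer_type: must be LDAP or LDAPS")
    for key, value in p.items():
        if key in MAX_LEN and not 1 <= len(value) <= MAX_LEN[key]:
            errors.append(f"{key}: length must be 1 to {MAX_LEN[key]}")
        if key in INT_RANGE:
            lo, hi = INT_RANGE[key]
            if not (value.isdecimal() and lo <= int(value) <= hi):
                errors.append(f"{key}: must be an integer from {lo} to {hi}")
        if key in ENUMS and value not in ENUMS[key]:
            errors.append(f"{key}: '{value}' is not one of {sorted(ENUMS[key])}")
    if p["transfer_type"] == "LDAP":  # assumption: LDAP here means no TLS
        warnings.append("transfer_type=LDAP: directory traffic is not encrypted")
        if p.get("bindlevel") == "simple":
            warnings.append("bindlevel=simple over LDAP: bind password sent in cleartext")
    return errors, warnings

# Constructed sample inputs (addresses and DNs are placeholders, not from a real system).
WEAK = ("create domain ldap 192.0.2.10 389 LDAP dc=example,dc=com "
        "bind_dn=cn=svc,dc=example,dc=com netgroup_search_scope=true bindlevel=simple")
HARDENED = ("create domain ldap 192.0.2.10 636 LDAPS dc=example,dc=com "
            "bind_dn=cn=svc,dc=example,dc=com netgroup_search_scope=subtree bindlevel=simple")
print(lint(WEAK), lint(HARDENED))
```

The first sample is rejected for an out-of-range scope value and draws both cleartext warnings; the second, using LDAPS on the standard LDAPS port 636, passes cleanly.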

System Response

None

Updated: 2019-05-07

Document ID: EDOC1100067955
