CONFIG LDAP EXTERNAL

Level

admin+modify

History

firewallid appears in 6.0.0
cndn appears in 6.2.3
protectchars appears in 6.3.0
readonly appears in 9.0.0
serversdn and serversfilter appear in 9.0.0
GroupSchema appears in 1.2.0
realbind and FullAdminDN appear in 3.0.0
protectchars removed in 3.4.0

Description

Specify parameters for an external LDAP server

Usage

domainname=<domain> basedn=<Base DN> host=<Host IP> [port=<Port>] [backuphost=<host IP> [backupport=<Port>]]
[user=<LDAP User> [password=<LDAP password>]] [auth=Simple|SSL] [cacert=<certname>]
[usersdn=<users dn>] [serversdn=<servers dn>] [groupsdn=<groups dn>] [confdn=<config dn>]
[usersfilter=<LDAP filter for users>] [serversfilter=<LDAP filter for servers>]
[groupsfilter=<LDAP filter for groups>]
[cndn=0|1] [readonly=0|1] [groupschema=groupofmember|posixgroup] [realbind=on|off] [FullAdminDN=0|1]

Returns

Error code

Remark

The internal LDAP base will be destroyed if it exists.
usersdn, groupsdn and confdn are required to create users, groups and configs respectively.
cacert uses an external CA to check the LDAP server certificate (in SSL mode).
In SSL mode, the server host name MUST exist in DNS and match the certificate subject name.
Default value for GroupSchema is GroupOfMember.

Example

CONFIG LDAP EXTERNAL domainname=external basedn="o=stormshield,dc=fr" host="ldap.intranet.int" user="cn=StormshieldAdmin" password="LDAPadmin"
CONFIG LDAP EXTERNAL domainname=external basedn="o=stormshield,dc=fr" host="ldap.intranet.int" user="cn=StormshieldAdmin" password="LDAPadmin" auth=SSL cacert="trust_ca"
CONFIG LDAP EXTERNAL domainname=ororo.munroe basedn="o=stormshield,dc=eu" host="ldap.ororo.int" user="cn=StormshieldAdmin" password="adminadmin" realbind=off
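
A pre-flight check for the Usage and Remark rules above, written as an added example and not part of the Stormshield documentation or tooling. The function names and finding texts are hypothetical, the sample line is constructed, and a line without auth= is treated as not requesting SSL, which is an assumption because the page does not state the default.

```python
import ipaddress
import shlex

REQUIRED = ("domainname", "basedn", "host")  # unbracketed in the Usage line
ENUMS = {  # allowed values copied from the Usage line, lower-cased
    "auth": {"simple", "ssl"}, "groupschema": {"groupofmember", "posixgroup"},
    "realbind": {"on", "off"}, "cndn": {"0", "1"},
    "readonly": {"0", "1"}, "fulladmindn": {"0", "1"},
}
# Constructed sample: SSL requested, no cacert, host given as an IP address.
SAMPLE = 'CONFIG LDAP EXTERNAL domainname=lab basedn="o=lab,dc=example" host=192.0.2.10 auth=SSL'

def parse(line):
    """Split a CONFIG LDAP EXTERNAL line into a lower-cased key -> value dict."""
    tokens = shlex.split(line)  # handles the quoted values used in the examples
    if [t.upper() for t in tokens[:3]] != ["CONFIG", "LDAP", "EXTERNAL"]:
        raise ValueError("not a CONFIG LDAP EXTERNAL command")
    params = {}
    for tok in tokens[3:]:
        key, sep, value = tok.partition("=")  # values such as a DN contain '='
        if not sep:
            raise ValueError(f"expected key=value, got {tok!r}")
        params[key.lower()] = value
    return params

def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def lint(line):
    """Return a list of findings; an empty list means nothing was flagged."""
    p = parse(line)
    findings = [f"missing required parameter {k}" for k in REQUIRED if k not in p]
    for key, allowed in ENUMS.items():
        if key in p and p[key].lower() not in allowed:
            findings.append(f"{key}={p[key]} is not one of {sorted(allowed)}")
    if p.get("auth", "").lower() != "ssl":  # assumption: absent auth is not SSL
        findings.append("auth=SSL not requested on this line")
        if "cacert" in p:
            findings.append("cacert is only used in SSL mode")
        return findings
    if "cacert" not in p:
        findings.append("auth=SSL without cacert: no external CA named to check the server certificate")
    if is_ip(p.get("host", "")):
        findings.append("SSL mode needs a DNS host name that matches the certificate subject name")
    return findings

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```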