CONFIG LDAP EXTERNAL

Level

admin+modify

History

firewallid Appears in 6.0.0
cndn Appears in 6.2.3
protectchars Appears in 6.3.0
readonly Appears in 9.0.0
serversdn and serversfilter Appears in 9.0.0
GroupSchema appears in 1.2.0
realbind and FullAdminDN appear in 3.0.0
protectchars removed in 3.4.0

Description

Specify parameters for an external LDAP server

Usage

domainname=<domain> basedn=<Base DN> host=<Host IP> [port=<Port>] [backuphost=<host IP> [backupport=<Port>]]
[user=<LDAP User> [password=<LDAP password>]] [auth=Simple|SSL] [cacert=<certname>]
[usersdn=<users dn>] [serversdn=<servers dn>] [groupsdn=<groups dn>] [confdn=<config dn>]
[usersfilter=<LDAP filter for users>] [serversfilter=<LDAP filter for servers>]
[groupsfilter=<LDAP filter for groups>]
[cndn=0|1] [readonly=0|1] [groupschema=groupofmember|posixgroup] [realbind=on|off] [FullAdminDN=0|1]

Returns

Error code

Remark

The internal LDAP base is destroyed if it exists.
usersdn, groupsdn and confdn are required to create users, groups and configurations, respectively.
cacert uses an external CA to check the LDAP server certificate (in SSL mode).
In SSL mode, the server host name MUST exist in DNS and match the certificate subject name.
The default value for GroupSchema is GroupOfMember.

Example

CONFIG LDAP EXTERNAL domainname=external basedn="o=stormshield,dc=fr" host="ldap.intranet.int" user="cn=StormshieldAdmin" password="LDAPadmin"
CONFIG LDAP EXTERNAL domainname=external basedn="o=stormshield,dc=fr" host="ldap.intranet.int" user="cn=StormshieldAdmin" password="LDAPadmin" auth=SSL cacert="trust_ca"
CONFIG LDAP EXTERNAL domainname=ororo.munroe basedn="o=stormshield,dc=eu" host="ldap.ororo.int" user="cn=StormshieldAdmin" password="adminadmin" realbind=off
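
The following is an added example, not part of the original reference and not Stormshield code: a small Python pre-deployment check that parses a CONFIG LDAP EXTERNAL line and reports transport settings worth reviewing against the Remark section (auth=SSL, cacert, and a DNS host name in SSL mode). The function names, finding texts and sample commands are assumptions made for illustration.

```python
import ipaddress
import shlex

def parse_command(line):
    """Split one CONFIG LDAP EXTERNAL line into a {lower-cased key: value} dict."""
    tokens = shlex.split(line)  # honours the double quotes used in the examples
    if [t.upper() for t in tokens[:3]] != ["CONFIG", "LDAP", "EXTERNAL"]:
        raise ValueError("not a CONFIG LDAP EXTERNAL command")
    params = {}
    for tok in tokens[3:]:
        key, sep, value = tok.partition("=")  # first '=' only: DNs contain '='
        if not sep:
            raise ValueError(f"token without '=': {tok!r}")
        params[key.lower()] = value
    return params

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def audit(line):
    """Return review findings about the transport settings of one command."""
    p = parse_command(line)
    if p.get("auth", "").lower() != "ssl":
        return ["auth=SSL not set: SSL protection is not requested for the LDAP bind"]
    findings = []
    if "cacert" not in p:
        findings.append("auth=SSL without cacert: no external CA named to check "
                        "the server certificate")
    for key in ("host", "backuphost"):
        if key in p and is_ip_literal(p[key]):
            findings.append(f"{key}={p[key]} is an IP literal: SSL mode requires "
                            "a DNS name matching the certificate subject")
    return findings

# Constructed sample commands (hosts, DNs and passwords are placeholders).
_BASE = 'CONFIG LDAP EXTERNAL domainname=example basedn="dc=example,dc=test" '
SAMPLES = [
    _BASE + 'host="ldap.example.test" user="cn=admin" password="PLACEHOLDER"',
    _BASE + 'host="ldap.example.test" user="cn=admin" auth=SSL cacert="trust_ca"',
    _BASE + 'host="192.0.2.10" backuphost="ldap2.example.test" auth=SSL',
]

if __name__ == "__main__":
    for cmd in SAMPLES:
        print(audit(cmd) or ["ok"])
```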