CONFIG LDAP EXTERNAL

Level

admin,modify

History

firewallid appears in Netasq 6.0.0
cndn appears in Netasq 6.2.3
protectchars appears in 6.3.0
readonly appears in Netasq 9.0.0
serversdn and serversfilter appear in Netasq 9.0.0
GroupSchema appears in 1.2.0
realbind and FullAdminDN appear in 3.0.0
protectchars removed in 3.4.0
pageSize appears in 4.4.0
serversfilter, confdn, serversdn removed in 4.4.0

Description

Specify parameters for an external LDAP server

Usage

domainname=<domain> basedn=<Base DN> host=<Host IP> [port=<Port>] [backuphost=<host IP> [backupport=<Port>]]
[user=<LDAP User> [password=<LDAP password>]] [auth=Simple|SSL] [cacert=<certname>]
[usersdn=<users dn>] [groupsdn=<groups dn>]
[usersfilter=<LDAP filter for users>]
[groupsfilter=<LDAP filter for groups>]
[cndn=0|1] [readonly=0|1] [groupschema=groupofmember|posixgroup] [realbind=on|off] [FullAdminDN=0|1] [pageSize=<LDAP page size>]

Returns

Error code

Remark

The internal LDAP base will be destroyed if it exists.
usersdn and groupsdn are required to create users and groups, respectively.
cacert names an external CA used to check the LDAP server certificate (in SSL mode).
In SSL mode, the server host name MUST exist in DNS and match the certificate subject name.
Default value for GroupSchema is GroupOfMember.

Example

CONFIG LDAP EXTERNAL domainname=external basedn="o=stormshield,dc=fr" host="ldap.intranet.int" user="cn=StormshieldAdmin" password="LDAPadmin"
CONFIG LDAP EXTERNAL domainname=external basedn="o=stormshield,dc=fr" host="ldap.intranet.int" user="cn=StormshieldAdmin" password="LDAPadmin" auth=SSL cacert="trust_ca"
CONFIG LDAP EXTERNAL domainname=ororo.munroe basedn="o=stormshield,dc=eu" host="ldap.ororo.int" user="cn=StormshieldAdmin" password="adminadmin" realbind=off
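
A pre-flight check for command lines like the ones above, added here as an example (it is not Stormshield code): it parses the tokens and reports conflicts with the Usage and Remark sections. Assumptions: token names and enumerated values are matched case-insensitively, and flagging a bind password given without auth=SSL is this example's own policy, not a rule stated on the page.

```python
import ipaddress
import shlex

PREFIX = "CONFIG LDAP EXTERNAL"
REQUIRED = ("domainname", "basedn", "host")
# Allowed values copied from the Usage line; case-insensitive match is an assumption.
ENUMS = {"auth": {"simple", "ssl"}, "realbind": {"on", "off"},
         "groupschema": {"groupofmember", "posixgroup"},
         **{k: {"0", "1"} for k in ("cndn", "readonly", "fulladmindn")}}

def parse_command(line):
    """Split one command line into a dict keyed by lowercased token name."""
    line = line.strip()
    if not line.upper().startswith(PREFIX):
        raise ValueError("not a CONFIG LDAP EXTERNAL command")
    params = {}
    for token in shlex.split(line[len(PREFIX):]):
        key, sep, value = token.partition("=")  # values such as basedn contain '='
        if not sep:
            raise ValueError(f"token without '=': {token!r}")
        params[key.lower()] = value
    return params

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def lint(line):
    """Return a list of findings for one command line (empty list = clean)."""
    p = parse_command(line)
    findings = [f"missing required token {k}" for k in REQUIRED if k not in p]
    findings += [f"{k}={p[k]} is not an allowed value"
                 for k, allowed in ENUMS.items()
                 if k in p and p[k].lower() not in allowed]
    if p.get("auth", "").lower() == "ssl":
        if "cacert" not in p:  # no external CA named to check the server certificate
            findings.append("auth=SSL without cacert")
        # SSL mode needs a DNS name matching the certificate subject, not an IP.
        findings += [f"auth=SSL with IP literal in {k}"
                     for k in ("host", "backuphost") if is_ip_literal(p.get(k, ""))]
    elif "password" in p:  # example policy, see the note above the block
        findings.append("bind password given but auth=SSL not set")
    return findings

if __name__ == "__main__":  # constructed sample line, not from the page
    print(lint('CONFIG LDAP EXTERNAL domainname=d basedn="dc=example" host=192.0.2.10 auth=SSL'))
```

Of the three example lines above, only the second (auth=SSL with cacert and a DNS host name) passes with no findings.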