This command adds a new LDAP server entry. During authentication, the LDAP client (the switch) uses the configured server details to authenticate the user. In LDAP, DN is the distinguished name, which is a unique name for an entry in the directory service.
| Default | port = 389, timeout = 5 seconds, enable-ssl = false |
| Format | ldap-server host { ipv4-address \| ipv6-address \| host-name } [enable-ssl] [rootDN dnString [password passwd]] [port tcp-port [timeout seconds]] |
| Mode | Global Config |
Example: The following examples configure various LDAP server parameters.
(switch) (Config)#ldap-server host 10.130.84.11 port 389 timeout 10
(switch) (Config)#ldap-server host 10.130.84.11 rootDN cn=admin,dc=fp,dc=lancom,dc=in password test
(switch) (Config)#ldap-server host 10.130.84.12 enable-ssl
Example: If SSL is enabled for a server, the proper root CA certificates must be installed on the device. This can be done by using the copy command with the nvram:root-ca-certs option.
(switch)#copy scp://jdoe@192.168.25.12/cacert.pem nvram:root-ca-certs
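
Added example (not part of the original command reference): a Python audit that parses ldap-server host lines in the Format shown above and lists servers configured without enable-ssl, whose connections are therefore not protected by SSL. It assumes that values contain no whitespace, that repeated commands for one host accumulate, and that a saved configuration lists the commands in this same form; the function names are hypothetical.

```python
# Added example: audit 'ldap-server host' lines for entries without enable-ssl.
DEFAULTS = {"port": 389, "timeout": 5, "enable_ssl": False}  # from the Default row

def parse_ldap_server(line):
    """Return (host, explicitly set fields) for one command line, else None."""
    start = line.find("ldap-server host ")  # skips a prompt such as '(switch) (Config)#'
    if start < 0:
        return None
    tokens = line[start:].split()
    if len(tokens) < 3:
        raise ValueError(f"missing host: {line!r}")
    host, fields, i = tokens[2], {}, 3
    while i < len(tokens):
        key = tokens[i]
        if key == "enable-ssl":
            fields["enable_ssl"] = True
            i += 1
            continue
        if key not in ("rootDN", "password", "port", "timeout") or i + 1 >= len(tokens):
            raise ValueError(f"unexpected token {key!r} in {line!r}")
        if key == "rootDN":
            fields["root_dn"] = tokens[i + 1]
        elif key == "password":
            fields["has_password"] = True  # record presence only, never the secret
        else:
            fields[key] = int(tokens[i + 1])
        i += 2
    return host, fields

def audit(config_text):
    """Merge lines per host (assumption) and report hosts lacking enable-ssl."""
    servers = {}
    for line in config_text.splitlines():
        parsed = parse_ldap_server(line)
        if parsed:
            host, fields = parsed
            base = dict(DEFAULTS, root_dn=None, has_password=False)
            servers.setdefault(host, base).update(fields)
    findings = []
    for host, s in servers.items():
        if not s["enable_ssl"]:
            exposed = "rootDN password and user credentials" if s["has_password"] else "user credentials"
            findings.append((host, s["port"], exposed))
    return servers, findings

# The three commands from the examples above.
SAMPLE = """\
(switch) (Config)#ldap-server host 10.130.84.11 port 389 timeout 10
(switch) (Config)#ldap-server host 10.130.84.11 rootDN cn=admin,dc=fp,dc=lancom,dc=in password test
(switch) (Config)#ldap-server host 10.130.84.12 enable-ssl
"""

if __name__ == "__main__":
    for host, port, exposed in audit(SAMPLE)[1]:
        print(f"{host}:{port} has no enable-ssl; {exposed} are not protected by SSL")
```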