chldapserver

Use the chldapserver command to modify a Lightweight Directory Access Protocol (LDAP) server.

Syntax

 chldapserver    [  -ip  ip_address  ] [  -name  server_name  ] [  -port  port  ] { [  -sslcert  file_name  ] | [  -nosslcert  ] } { [  -basedn  base_dn  ] | [  -nobasedn  ] } [  -preferred  {  yes  |   no  } ] {  ldap_server_id  |  ldap_server_name  }  

Parameters

-ipip_address
(Optional) Specifies the server IP address (Internet Protocol Version 4 or 6).
-nameserver_name
(Optional) Specifies the LDAP server name.
-portport
(Optional) Specifies the LDAP server port.
-sslcertfile_name | -nosslcert
(Optional) Set (-sslcert) or clear (-nosslcert) the secure socket layer (SSL) certificate.
-basednbase_dn | -nobasedn
(Optional) Use the base distinguished name (DN) for search (-nobasedn indicates to use the default DN).
-preferredyes | no
(Optional) Specifies whether the server is preferred over other configured LDAP servers (or not preferred).
ldap_server_id |ldap_server_name
(Required) Specifies the LDAP server ID or name.

Description

Important: During normal operation, LDAP requests are sent to -preferred servers depending on availability. If no servers are marked as -preferred, LDAP requests are sent to configured servers based on availability.

If -sslcert is specified, the server certificate is verified while authenticating. The SSL certificate must exist on the current node. If -nosslcert is specified, any certificate file is deleted and the server certificate is not checked.

The -basedn parameter indicates the distinguished name (DN) to use as a base from which to search for users in the LDAP directory. If Transport Layer Security (TLS) is enabled and -sslcert is specified, the server certificate is verified during authentication. The secure socket layer (SSL) certificate must exist on the node being used. Otherwise, a server certificate is not checked.

The clustered system (system) must be configured with an appropriate version IP address when -ip is specified. The IP address specified with the -ip parameter must be of a version supported by the system. The certificate file must be in valid PEM format and have a maximum length of 12 kilobytes.

Distinguished names must be a sequence of attribute=value pairs separated by a comma (,), semi-colon(;), or plus sign (+) escaping special characters with \ where appropriate, and specified UTF-8 characters using their byte encoding. For example, , for commas or \C4\87 for the UTF-8 character c acute.

This command runs whether or not LDAP authentication is enabled.

Remember: There can be a maximum of six configured LDAP servers. If you attempt to create a seventh LDAP server an error is returned.

An invocation example with basic server details

chldapserver -ip 192.135.60.3 -port 400 ldapserver0

The resulting output:

No feedback

An invocation example specifying an SSL certificate

chldapserver -sslcert /tmp/activedirectorycert.pem 0

The resulting output:

No feedback

An invocation example to remove an SSL certificate

chldapserver -nosslcert 0

The resulting output:

No feedback
Parent topic: User management commands
Related reference
chauthservice
chcurrentuser
chldap
chuser
chusergrp
lscurrentuser
lsldap
lsldapserver
lsuser
lsusergrp
mkldapserver
mkuser
mkusergrp
rmldapserver
rmuser
rmusergrp
testldapserver