mkldapserver

Use the mkldapserver command to display the data used to create a Lightweight Directory Access Protocol (LDAP) server.

Syntax

mkldapserver -ipip_address [ -nameserver_name ] [ -portport ] [ -sslcertfile_name ] [ -basednbase_dn ] [ -preferred ]

Parameters

-ipip_address
(Required) Specifies the server IP address (Internet Protocol Version 4 or 6).
-nameserver_name
(Optional) Specifies the LDAP server name.
-portport
(Optional) Specifies the LDAP server port. The default value (if you do not specify a value) is 389. If you specify TLS security the value is 389 and if you specify SSL security the value is 636.
-sslcertfile_name
(Optional) Set the SSL certificate.
-basednbase_dn
(Optional) Use the base distinguished name for search.
-preferred
(Optional) Specifies that this server is preferred over other configured LDAP servers.

Description

Important: During normal operation, LDAP requests are sent to -preferred servers depending on availability. If no servers are marked as -preferred, LDAP requests are sent to configured servers based on availability.
If -sslcert is specified, the server certificate is verified while authenticating.
Note: The SSL certificate must exist on the current node.

The -basedn parameter indicates the distinguished name (DN) to use as a base from which to search for users in the LDAP directory. If Transport Layer Security (TLS) is enabled and -sslcert is specified, the server certificate is verified during authentication. The secure socket layer (SSL) certificate must exist on the node being used, otherwise a server certificate is not checked.

The system must be configured with an appropriate version IP address when -ip is specified. The IP address specified with the -ip parameter must be of a version supported by the system. The certificate file must be in valid PEM format and have a maximum length of 12 kilobytes.

Distinguished names must be a sequence of attribute=value pairs separated by a comma (,), semi-colon(;), or plus sign (+) escaping special characters with a backslash (\) where appropriate, and specified UTF-8 characters using their byte encoding. For example, \, for commas or \C4\87 for the UTF-8 character c acute.

This command runs whether or not LDAP authentication is enabled.

Remember: There is a maximum of six configured LDAP servers. Attempting to create a seventh LDAP server returns an error.

An invocation example

mkldapserver -ip 192.135.60.3

The resulting output:

LDAP Server, id [0], successfully created