Use the mkldapserver command to display the data used to create a Lightweight Directory Access Protocol (LDAP) server.


mkldapserver -ip ip_address [ -name server_name ] [ -port port ] [ -sslcert file_name ] [ -basedn base_dn ] [ -preferred ]


-ip ip_address
(Required) Specifies the server IP address (Internet Protocol Version 4 or 6).
-name server_name
(Optional) Specifies the LDAP server name.
-port port
(Optional) Specifies the LDAP server port. The default value (if you do not specify a value) is 389. If you specify TLS security, the value is 389; if you specify SSL security, the value is 636.
-sslcert file_name
(Optional) Specifies the SSL certificate file.
-basedn base_dn
(Optional) Specifies the base distinguished name (DN) from which to search.
-preferred
(Optional) Specifies that this server is preferred over other configured LDAP servers.


Important: During normal operation, LDAP requests are sent to -preferred servers depending on availability. If no servers are marked as -preferred, LDAP requests are sent to configured servers based on availability.
If -sslcert is specified, the server certificate is verified while authenticating.
Note: The SSL certificate must exist on the current node.

The -basedn parameter indicates the distinguished name (DN) to use as a base from which to search for users in the LDAP directory. If Transport Layer Security (TLS) is enabled and -sslcert is specified, the server certificate is verified during authentication. The secure socket layer (SSL) certificate must exist on the node being used; otherwise the server certificate is not checked.

The IP address specified with the -ip parameter must be of a version (IPv4 or IPv6) that the system is configured to support. The certificate file must be in valid PEM format and have a maximum length of 12 kilobytes.

Distinguished names must be a sequence of attribute=value pairs separated by a comma (,), semicolon (;), or plus sign (+), escaping special characters with a backslash (\) where appropriate and specifying UTF-8 characters by their byte encoding. For example, \, for a comma or \C4\87 for the UTF-8 character c acute (ć).

This command runs whether or not LDAP authentication is enabled.

Remember: There is a maximum of six configured LDAP servers. Attempting to create a seventh LDAP server returns an error.
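The following Python script is an added example, not IBM's code and not part of this reference page. It applies the constraints stated above before a mkldapserver invocation is assembled: the -ip value must parse as an IPv4 or IPv6 address, the certificate file must be a single PEM CERTIFICATE block of at most 12 kilobytes, at most six servers may be configured, and the -basedn value is built from attribute/value pairs with commas, semicolons, plus signs and other DN specials backslash-escaped and non-ASCII characters written as \XX UTF-8 bytes (ć becomes \C4\87). The `security` argument of `default_port` is a label of this script only; the page names no such command option. `SAMPLE_PEM` is a constructed placeholder, not a real certificate.

```python
"""Pre-flight checks for a mkldapserver invocation (added example, not IBM code)."""
import ipaddress
import re

MAX_CERT_BYTES = 12 * 1024          # certificate size limit stated on the page
MAX_LDAP_SERVERS = 6                # configured-server limit stated on the page

# Characters that need a backslash inside a DN attribute value (RFC 4514);
# comma, semicolon and plus sign are the pair separators named on the page.
DN_SPECIAL = set(',;+"\\<>#=')


def escape_dn_value(value):
    """Escape one attribute value: specials get a backslash, non-ASCII
    characters become their UTF-8 bytes in \\XX form (e.g. 'ć' -> '\\C4\\87')."""
    out = []
    for ch in value:
        if ch in DN_SPECIAL:
            out.append("\\" + ch)
        elif ord(ch) < 0x20 or ord(ch) > 0x7E:
            out.append("".join(f"\\{b:02X}" for b in ch.encode("utf-8")))
        else:
            out.append(ch)
    # RFC 4514 also requires escaping a leading or trailing space.
    if out and out[0] == " ":
        out[0] = "\\ "
    if out and out[-1] == " ":
        out[-1] = "\\ "
    return "".join(out)


def build_dn(pairs):
    """Join (attribute, value) pairs into a comma-separated DN string."""
    return ",".join(f"{attr}={escape_dn_value(val)}" for attr, val in pairs)


def default_port(security=None):
    """Port used when -port is omitted: 389 for no security or TLS, 636 for SSL.
    The 'security' label is this script's own, not a mkldapserver option."""
    return 636 if security == "ssl" else 389


def ip_version(ip):
    """Return 4 or 6, or raise ValueError for a malformed -ip value."""
    return ipaddress.ip_address(ip).version


# One PEM CERTIFICATE block: header, base64 lines, footer.
PEM_CERT_RE = re.compile(
    rb"-----BEGIN CERTIFICATE-----\r?\n"
    rb"(?:[A-Za-z0-9+/]+=*\r?\n)+"
    rb"-----END CERTIFICATE-----\r?\n?"
)


def certificate_problems(pem):
    """Return the reasons the -sslcert file would be rejected (empty list = looks OK)."""
    problems = []
    if len(pem) > MAX_CERT_BYTES:
        problems.append(f"certificate is {len(pem)} bytes, limit is {MAX_CERT_BYTES}")
    if not PEM_CERT_RE.fullmatch(pem):
        problems.append("file is not a single PEM-encoded CERTIFICATE block")
    return problems


def build_mkldapserver(ip, name=None, port=None, sslcert=None, basedn_pairs=None,
                       preferred=False, configured_servers=0):
    """Return the argv list for mkldapserver after applying the page's constraints."""
    if configured_servers >= MAX_LDAP_SERVERS:
        raise ValueError("six LDAP servers are already configured; a seventh is an error")
    ip_version(ip)                                   # rejects a malformed -ip value
    argv = ["mkldapserver", "-ip", ip]
    if name:
        argv += ["-name", name]
    if port is not None:
        argv += ["-port", str(port)]
    if sslcert:
        argv += ["-sslcert", sslcert]
    if basedn_pairs:
        argv += ["-basedn", build_dn(basedn_pairs)]
    if preferred:
        argv.append("-preferred")
    return argv


# Constructed sample PEM (placeholder content, not a real certificate).
SAMPLE_PEM = b"-----BEGIN CERTIFICATE-----\nQUJDREVG\n-----END CERTIFICATE-----\n"

if __name__ == "__main__":
    print(" ".join(build_mkldapserver(
        "192.0.2.10", name="ldap1", sslcert="ldap-ca.pem",
        basedn_pairs=[("ou", "Users, Storage"), ("dc", "example"), ("dc", "com")],
        preferred=True)))
    print(certificate_problems(SAMPLE_PEM))
```

The DN escaping follows RFC 4514, which is the syntax the page's examples (\, and \C4\87) use; escaping the separator characters inside a value is what keeps a value such as "Users, Storage" from being read as two attribute=value pairs.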

An invocation example

mkldapserver -ip

The resulting output:

LDAP Server, id [0], successfully created