-name | Type the IP addresses or hostnames of the primary directory servers to use for authentication. The values you type depend on the format of the subject field entry in each directory server's certificate. Typically, this requires a hostname. Type the LDAP IP addresses or hostnames as a comma-separated string. If IP addresses are specified, the DNS Server for the LDAP domain must be configured with a reverse lookup so that it provides the FQDN for the specified IP addresses. |
-autoDiscoveryEnabled | Specify to direct the system to obtain the LDAP server addresses or hostnames using DNS. DNS must be configured for this option to take effect. NOTE: -autoDiscoveryEnabled is the default if you do not specify either -name or -autoDiscoveryEnabled. |
-domain | Type the domain name for the LDAP server. |
-port | Type the port number used by the directory server for LDAP communications. By default, LDAP uses port 389, and LDAP over SSL uses port 636. For forest-level authentication, specify port 3268 for LDAP or port 3269 for LDAPS. |
-protocol | Specify whether the LDAP protocol uses SSL for secure network communication. SSL provides encryption and authentication capabilities. SSL encrypts data over the network and provides message and server authentication. Value is one of the following:
- ldap (default) — LDAP without SSL.
- ldaps — LDAP with SSL.
|
-certFilePath | Path to (filename of) the trusted certificate file used for one-way server authentication. NOTE: If the value of -protocol is ldaps, this qualifier is required. |
-bindDn | Type the distinguished name (DN) for a user with administrator privileges on the LDAP Server. The DN can be expressed in several formats. For example:
cn=Administrator,cn=Users,dc=mycompany,dc=com
Administrator@mycompany.com
mycompany.com/Administrator
|
-bindPasswd | Type the password to be used for binding to the LDAP server. This is the password for the user specified in the Bind DN attribute. It is required when the -bindDn qualifier is included. |
-bindPasswdSecure | Specifies the password in secure mode - the user will be prompted to input the password. |
-userSearchPath | Type the path to search for users on the directory server. For example: ou=People,dc=lss,dc=emc,dc=com. NOTE: On an Active Directory server, a default search path is used. |
-groupSearchPath | Type the path to search for groups on the directory server. For example: uid=<name>,ou=people,dc=<domaincomponent>,or dc=<domain component>. NOTE: On an Active Directory server, a default search path is used. |
-userIdAttr | Type the name of the LDAP attribute whose value indicates the user ID. Default value is uid. |
-groupNameAttr | Type the name of the LDAP attribute whose value indicates the group name. Default value is cn. |
-userObjectClass | Type the LDAP object class for users. Default value is user. In Active Directory, groups and users are stored in the same hierarchical directory path and the class is called group. |
-groupObjectClass | Type the LDAP object class for groups. Default value is group. In Active Directory, groups and users are stored in the same directory path and the class is called group. |
-groupMemberAttr | Name of the LDAP attribute whose value contains names of group members within a group. Default value is member. |
-timeout | Type the timeout for the LDAP server in milliseconds. If the system does not receive a reply from the LDAP server after the specified timeout, it stops sending requests. Default is 10000 milliseconds, or 10 seconds. |
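
The qualifiers above interact: ldaps requires -certFilePath, -bindDn requires a password qualifier, and the port should match the protocol. The following pre-flight check is an added example, not part of the product or its documentation; it assumes -autoDiscoveryEnabled and -bindPasswdSecure take no value, and the hostname, password and certificate path in the samples are constructed.

```python
import shlex

# Port conventions from the table: 389/3268 for LDAP, 636/3269 for LDAPS.
PORTS = {"ldap": {"389", "3268"}, "ldaps": {"636", "3269"}}
# Assumption: these two qualifiers take no value.
FLAGS = {"-autoDiscoveryEnabled", "-bindPasswdSecure"}

def parse_qualifiers(arg_string):
    """Split a qualifier string into a dict; valueless qualifiers map to True."""
    tokens, opts, i = shlex.split(arg_string), {}, 0
    while i < len(tokens):
        if tokens[i] in FLAGS or i + 1 == len(tokens):
            opts[tokens[i]] = True
            i += 1
        else:
            opts[tokens[i]] = tokens[i + 1]
            i += 2
    return opts

def lint(arg_string):
    """Return findings for one set of LDAP qualifiers (empty list = clean)."""
    o = parse_qualifiers(arg_string)
    proto = o.get("-protocol", "ldap")  # ldap is the documented default
    if proto not in PORTS:
        return [f"unknown -protocol value: {proto}"]
    findings = []
    if proto == "ldap":
        findings.append("-protocol is ldap: traffic to the directory server is not encrypted")
    elif "-certFilePath" not in o:
        findings.append("-certFilePath is required when -protocol is ldaps")
    if "-port" in o and o["-port"] not in PORTS[proto]:
        findings.append(f"-port {o['-port']} is not a documented {proto} port")
    if "-bindDn" in o and not ({"-bindPasswd", "-bindPasswdSecure"} & o.keys()):
        findings.append("-bindDn requires -bindPasswd or -bindPasswdSecure")
    if "-bindPasswd" in o:
        findings.append("-bindPasswd exposes the password on the command line; use -bindPasswdSecure")
    return findings

# Constructed sample inputs (hostname, DN, password and certificate path are made up).
DN = "cn=Administrator,cn=Users,dc=mycompany,dc=com"
WEAK = f"-name ldap1.mycompany.com -domain mycompany.com -port 636 -bindDn {DN} -bindPasswd Example-Passw0rd"
HARDENED = (f"-name ldap1.mycompany.com -domain mycompany.com -protocol ldaps -port 636 "
            f"-certFilePath /tmp/ldap_ca.cer -bindDn {DN} -bindPasswdSecure")

if __name__ == "__main__":
    for label, args in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, lint(args) or "no findings")
```

The weak sample omits -protocol, so it falls back to plain ldap even though port 636 was given; the check reports that mismatch along with the command-line password.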