ZyWALL Series CLI Reference Guide
Table 271 aaa group server ad Commands (continued)
COMMAND DESCRIPTION
[no] server search-time-limit time
Sets the search timeout period (in seconds). Enter a number
between 1 and 300. The no command clears this setting and sets
this to the default setting of 5 seconds.
[no] server ssl
Enables the Zyxel Device to establish a secure connection to the
AD server. The no command disables this feature.
55.2.6 aaa group server ldap Commands
The following table lists the aaa group server ldap commands you use to configure a group of
LDAP servers.
Table 272 aaa group server ldap Commands
COMMAND DESCRIPTION
clear aaa group server ldap [group-name]
Deletes all LDAP server groups or the specified LDAP server group.
Note: You can NOT delete a server group that is currently in use.
show aaa group server ldap group-name
Displays the specified LDAP server group settings.
[no] aaa group server ldap group-name
Sets a descriptive name for an LDAP server group. Use this
command to enter the sub-command mode.
The no command deletes the specified server group.
aaa group server ldap rename group-name group-name
Changes the descriptive name for an LDAP server group.
aaa group server ldap group-name
Enter the sub-command mode.
[no] case-sensitive
Specify whether or not the server checks the username case. Set
this to be the same as the server’s behavior.
[no] server alternative-cn-identifier uid
Sets the second type of identifier that users can use to log in, if
any, for example “name” or “e-mail address”. The no command
clears this setting.
[no] server basedn basedn
Sets the base DN to point to the LDAP directory on the LDAP
server group. The no command clears this setting.
[no] server binddn binddn
Sets the user name the Zyxel Device uses to log into the LDAP
server group. The no command clears this setting.
[no] server cn-identifier uid
Sets the user name the Zyxel Device uses to log into the LDAP
server group. The no command clears this setting.
[no] server description description
Sets the descriptive information for the LDAP server group. You
can use up to 60 printable ASCII characters. The no command
clears this setting.
[no] server group-attribute group-attribute
Sets the name of the attribute that the Zyxel Device is to check to
determine to which group a user belongs. The value for this
attribute is called a group identifier. You can add ext-group-user
user objects to identify groups based on these group identifier values.
For example, you could have an attribute named “memberOf”
with values like “sales”, “RD”, and “management”. Then you
could create an ext-group-user user object for each group:
one with “sales” as the group identifier, another for “RD” and a
third for “management”. The no command clears the setting.
[no] server host ldap_server
Enter the IP address (in dotted decimal notation) or the domain
name of an LDAP server to add to this group. The no command
clears this setting.
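The sub-commands listed so far in Table 272, combined into one configuration session. This is an added example, not taken from the Zyxel guide: the group name, host address, DNs and attribute values are constructed placeholders, and lines starting with ! are annotations for the reader. It assumes the usual configure terminal and exit commands for entering configuration mode and leaving the sub-command mode.

```text
! Added example; every value below is a constructed placeholder.
configure terminal
aaa group server ldap ldap1
 server description Staff-directory
 server host 192.0.2.10
 server basedn dc=example,dc=com
 ! Bind account the Zyxel Device uses to log into the LDAP server group
 ! (assumed here to be a dedicated, read-only directory account).
 server binddn cn=zywall-reader,dc=example,dc=com
 server cn-identifier uid
 ! Second identifier users may log in with, here the e-mail attribute.
 server alternative-cn-identifier mail
 ! Attribute whose values are matched against the group identifiers
 ! of ext-group-user user objects (for example "sales", "RD", "management").
 server group-attribute memberOf
 ! Set only if the LDAP server itself treats usernames as case-sensitive.
 case-sensitive
 exit
! Review the resulting group settings.
show aaa group server ldap ldap1
```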