Chapter 44 AAA Server
ZyWALL / USG (ZLD) CLI Reference Guide
294
44.2.6 aaa group server ldap Commands
The following table lists the aaa group server ldap commands you use to configure a group of
LDAP servers.
[no] server alternative-cn-
identifier uid
Sets the second type of identifier that the users can use to log in if any. For
example “name” or “e-mail address”. The
no command clears this setting.
[no] server basedn basedn Sets the base DN to point to the AD directory on the AD server group. The
no command clears this setting.
[no] server binddn binddn Sets the user name the ZyWALL / USG uses to log into the AD server group.
The no command clears this setting.
[no] server cn-identifier uid Sets the user name the ZyWALL / USG uses to log into the AD server group.
The no command clears this setting.
[no] server description
description
Sets the descriptive information for the AD server group. You can use up to
60 printable ASCII characters. The no command clears the setting.
[no] server group-attribute
group-attribute
Sets the name of the attribute that the ZyWALL / USG is to check to
determine to which group a user belongs. The value for this attribute is
called a group identifier; it determines to which group a user belongs. You
can add ext-group-user user objects to identify groups based on these group
identifier values.
For example you could have an attribute named “memberOf” with values
like “sales”, “RD”, and “management”. Then you could also create an ext-
group-user user object for each group. One with “sales” as the group
identifier, another for “RD” and a third for “management”. The
no command
clears the setting.
[no] server host ad_server Enter the IP address (in dotted decimal notation) or the domain name of an
AD server to add to this group. The
no command clears this setting.
[no] server password password Sets the bind password (up to 15 alphanumerical characters). The no
command clears this setting.
[no] server port port_no Sets the AD port number. Enter a number between 1 and 65535. The default
is 389. The no command clears this setting.
[no] server search-time-limit
time
Sets the search timeout period (in seconds). Enter a number between 1 and
300. The no command clears this setting and set this to the default setting
of 5 seconds.
[no] server ssl Enables the ZyWALL / USG to establish a secure connection to the AD
server. The no command disables this feature.
Table 177 aaa group server ad Commands (continued)
COMMAND DESCRIPTION
Table 178 aaa group server ldap Commands
COMMAND DESCRIPTION
clear aaa group server ldap [group-
name]
Deletes all LDAP server groups or the specified LDAP server group.
Note: You can NOT delete a server group that is currently in use.
show aaa group server ldap group-name Displays the specified LDAP server group settings.
[no] aaa group server ldap group-name Sets a descriptive name for an LDAP server group. Use this command to
enter the sub-command mode.
The no command deletes the specified server group.
aaa group server ldap rename group-
name group-name
Changes the descriptive name for an LDAP server group.
aaa group server ldap group-name Enter the sub-command mode.
To Next Page
Loading...
