Mobile Policy LDAP Commands

ldap

Configures LDAP parameters.

Privilege Level

Security Administrator, Administrator

Command Mode

Exec > Global Configuration

Syntax

ldap [ replicas replica_count | repository helm_repository ] 

replicas replica_count

Specify the replica count.

Must be an integer.

Default Value: 1.

repository helm_repository

Specify to override Helm repository.

Usage Guidelines

Use this command to configure the LDAP parameters Replica Count and Override Helm Repository.

ldap server-set

Configures the LDAP server set parameters.

Privilege Level

Security Administrator, Administrator

Command Mode

Exec > Global Configuration

Syntax

ldap server-set server_name [ add-child-on-parent-create-failure { false | true } | add-request-attribute attribute_name attribute_value | binds-per-second binds_count | connection connection_address port_number {auto-reconnect { false | true } | bind-timeout-ms bind_timeout_ms | connection-rule FASTEST/ROUND_ROBIN | priority priority_number | timeout-ms timeout } | ignore-ldap-error-result-codes result_code | initial-connections initial_connections | max-connections max_connections | max-failover-connection-age-ms max_failover_connections | missing-attribute-result-code attribute_code | number-consecutive-timeouts-for-bad-connection count_timeout | retry-count retry_count | retry-timer-ms retry_time | use-asynchronous-operations { false | true } ] 

server-set server_name

Specify the name of the LDAP server set.

Must be a string.

initial-connections initial_connections

Specify the initial connections.

Must be an integer.

Default Value: 1.

max-connections max_connections

Specify the maximum number of connections.

Must be an integer.

Default Value: 10.

retry-count retry_count

Specify the retry count.

Must be an integer.

Default Value: 3.

retry-timer-ms retry_timeout

Specify the retry timer timeout period in milliseconds.

Must be an integer.

Default Value: 50.

max-failover-connection-age-ms max_failover_connections

Specify the maximum failover connection age in milliseconds.

Must be an integer.

Default Value: 60000.

binds-per-second binds_count

Specify the number of binds per second.

Must be of type decimal64, with 2 fraction digits.

Default Value: 0.20.

number-consecutive-timeouts-for-bad-connection count_timeouts

Specify the number of consecutive timeouts for bad connection.

Must be an integer.

Default Value: -1.

use-asynchronous-operations { false | true }

Specify to enable or disable using LDAP asynchronous operations.

Must be either "false" or "true".

Default Value: true.

add-child-on-parent-create-failure { false | true }

Specify to enable or disable additions of child on parent creation failure.

Must be either "false" or "true".

Default Value: true.

missing-attribute-result-code result_code

Specify missing attribute result code.

Must be an integer.

Default Value: 0.

ignore-ldap-error-result-codes result_code

Specify to ignore LDAP error result codes.

Must be an integer.

Usage Guidelines

Use this command to configure LDAP server set parameters.

ldap server-set add-request-attribute

Configures the request attribute.

Privilege Level

Security Administrator, Administrator

Command Mode

Exec > Global Configuration

Syntax

add-request-attribute attribute_name attribute_value 

attribute_name

Specify the request attribute name.

Must be a string.

attribute_value

Specify the request attribute value.

Must be a string.

Usage Guidelines

Use this command to configure the request attribute.

ldap server-set connection

Configure the LDAP connection parameters.

Privilege Level

Security Administrator, Administrator

Command Mode

Exec > Global Configuration

Syntax

connection ldap_address port_number { auto-reconnect { false | true } | bind-timeout-ms bind_timeout | connection-rule connection_rule | priority priority_number | timeout-ms timeout } 

ldap_address

Specify the address of the LDAP server.

Must be a string.

connection port_number

Specify the port number of the LDAP server.

Must be an integer.

priority priority_number

Specify the priority of the LDAP server set.

Must be an integer.

Default Value: 100.

connection-rule connection_algorithm

Specify the connection algorithm.

Must be one of the following:

  • FASTEST

  • ROUND_ROBIN

Default Value: ROUND_ROBIN.

auto-reconnect { false | true }

Specify to enable or disable auto reconnect to LDAP hosts.

Must be either "false" or "true".

Default Value: true.

timeout-ms timeout

Specify the timeout period for calls to LDAP in milliseconds.

Must be an integer.

Default Value: 200.

bind-timeout-ms bind_timeout

Specify the timeout period for bind calls to LDAP in milliseconds.

Must be an integer.

Default Value: 2000.

Usage Guidelines

Use this command to configure the LDAP connection parameters.

ldap server-set health-check

Configures the health check parameters.

Privilege Level

Security Administrator, Administrator

Command Mode

Exec > Global Configuration

Syntax

health-check { attributes attribute_string | dn health_check_dn | filter filter_string | interval-ms interval_value } 

interval-ms health_check_interval

Specify the health check interval in milliseconds.

Must be an integer.

Default Value: 5000.

dn health_check_dn

Specify the health check DN.

Must be a string.

filter health_check_filter

Specify the health check filter.

Must be a string.

attributes health_check_attributes

Specify the health check attributes.

Must be a string.

Usage Guidelines

Use this command to configure the health check parameters.

ldap server-set search-user

Enables search user for LDAP.

Privilege Level

Security Administrator, Administrator

Command Mode

Exec > Global Configuration

Syntax

search-user { [ dn user_dn ] [ password user_password ] } 

dn user_dn

Specify the user DN.

Must be a string.

password user_password

Specify the user password.

Must be an aes-cfb-128-encrypted string.

Usage Guidelines

Use this command to enable search user for LDAP.