Associating PCF with LDAP
This section describes how to associate PCF with LDAP.
When you configure the PCF environment to interact with a defined LDAP server, PCF must connect to that server using a trusted authentication method. This method is known as binding. PCF uses the binding information when it makes LDAP queries to retrieve the required subscriber information from the LDAP server.
config
product pcf
ldap replicas replica_count
ldap server-set server_set
search-user dn cn=username,dc=C ntdb
search-user password
health-check interval-ms interval
initial-connections connection_count
max-connections maximum_connections
retry-count retry_count
retry-timer-ms retry_time
max-failover-connection-age-ms maximum_failover
binds-per-second binds
number-consecutive-timeout-for-bad-connection consecutive_timeout
connection ip_address
priority priority
connection-rule connection_type
auto-reconnect [ true | false ]
timeout-ms timeout
bind-timeout-ms bind_timeout
end
NOTES:
- product pcf — Enters the PCF configuration mode.
- ldap replicas replica_count — Specify the LDAP replica count. Depending on the count, the LDAP pods are created.
- ldap server-set server_set — Specify the LDAP server set details.
- search-user dn cn=username,dc=C ntdb — Specify the domain details.
- search-user password — Specify the password.
- health-check interval-ms interval — Specify the interval at which the health check should be initiated.
- initial-connections connection_count — Specify the number of connections that can be attempted initially.
- max-connections maximum_connections — Specify the maximum number of connections at any point in time.
- retry-count retry_count — Specify the number of retries that the PCF Engine must attempt on a timeout.
- retry-timer-ms retry_time — Specify the interval after which the PCF Engine must reattempt.
- max-failover-connection-age-ms maximum_failover — Specify the maximum number of connection failures after which failover must happen.
- binds-per-second binds — Specify the interval in seconds for the bind operation.
- number-consecutive-timeout-for-bad-connection consecutive_timeout — Specify the number of bad connections after which the timeout occurs.
- connection ip_address — Specify the IPv4/IPv6 address of the LDAP server that attempts the connection.
- priority priority — Specify the priority of the connection.
- connection-rule connection_type — Specify the connection type. The default rules are "Fastest" or "Round Robin".
- auto-reconnect [ true | false ] — Specify if the auto-connect capability should be enabled or disabled.
- timeout-ms timeout — Specify the period between the LDAP client or endpoint when the timeout must happen.
- bind-timeout-ms bind_timeout — Specify the bind timeout.