wlan ldap-server
wlan ldap-server <server-name>
admin-dn <domain-name>
admin-password <password>
base-dn <base_domain-name>
deadtime <time>
filter <filter>
key-attribute <key-attribute>
ip <IP-address>
port <port-name>
timeout <seconds>
retry-count <count>
no...
Description
This command configures a Lightweight Directory Access Protocol (LDAP) server for user authentication on the Virtual Controller.
Syntax
|
Command/Parameter |
Description |
Range |
Default |
| wlan ldap-server <server-name> |
Configures an LDAP authentication server. |
— | — |
| admin-dn <domain-name> |
Configures a distinguished name for the administrator with read and search privileges across all the entries in the LDAP database. The user need not have write privileges, but the user must be able to search the database, and read attributes of other users in the database. |
— | — |
| admin-password <password> |
Configures a password for administrator. |
— | — |
| base-dn <base-domain-name> |
Configures a distinguished name for the node which contains the entire user database. |
— | — |
| deadtime <time> |
Configures a dead time interval for the authentication server. When two or more authentication servers are configured on the IAP and a server is unavailable, the dead time configuration determines the duration for which the authentication server would be available if the server is marked as unavailable. |
1—1440 minutes | 5 |
| filter <filter> |
Configures the filter to apply when searching for a user in the LDAP database. |
strings | (objectclass=*) |
| key-attribute <key-attribute> |
Configures the attribute to use as a key when searching for the LDAP server. For Active Directory, the value is sAMAccountName |
— | — |
| ip <IP-address> | Configures the IP address of the LDAP server. | — | — |
| port <port> | Configures the authorization port number of the LDAP server. | — | 389 |
| timeout <seconds> | Configures a timeout value for LDAP requests from the clients | 1-30 seconds | 5 |
| retry-count <count> |
Defines the number of times that the clients can attempt to connect to the server. |
1-5 | 3 |
| no… |
Removes the configuration. |
— | — |
Usage Guidelines
Use this command to configure an LDAP server as an external authentication server. The LDAP service is based on a client-server model. The IAP client requests for an LDAP session after connecting to the LDAP server and server sends its responses.
Example
The following example configures an LDAP server:
(Instant AP)(config)# wlan ldap-server Server1
(Instant AP)(LDAP Server <name>)# ip 192.0.1.5
(Instant AP)(LDAP Server <name>)# port 389
(Instant AP)(LDAP Server <name>)# admin-dn cn=admin
(Instant AP)(LDAP Server <name>)# admin-password password123
(Instant AP)(LDAP Server <name>)# base-dn dc=example, dc=com
(Instant AP)(LDAP Server <name>)# filter (objectclass=*)
(Instant AP)(LDAP Server <name>)# key-attribute sAMAccountName
(Instant AP)(LDAP Server <name>)# timeout 5
(Instant AP)(LDAP Server <name>)# retry-count 3
(Instant AP)(LDAP Server <name>)# end
(Instant AP)# commit apply
Command History
|
Version |
Description |
|
Aruba Instant 6.2.1.0-3.3 |
This command is introduced. |
Command Information
|
IAP Platform |
Command Mode |
|
All platforms |
Configuration mode and LDAP server sub-mode. |