ldap-server
Use ldap-server to specify an LDAP server for a PKI domain.
Use undo ldap-server to remove the configuration.
Syntax
ldap-server host hostname [ port port-number ] [ vpn-instance vpn-instance-name ]
undo ldap-server
Default
No LDAP server is specified for a domain.
Views
PKI domain view
Predefined user roles
network-admin
Parameters
host hostname: Specifies the host name of an LDAP server, a case-sensitive string of 1 to 255 characters. It can be an IPv4 or IPv6 address or a domain name.
port port-number: Specifies the port number of an LDAP server, in the range of 1 to 65535. The default setting is 389.
vpn-instance vpn-instance-name: Specifies the MPLS L3VPN instance to which the LDAP server belongs, where the vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. If the LDAP server is on the public network, do not specify this option.
Usage guidelines
You must specify an LDAP server in the following cases:
• The device obtains local certificates or peer certificates through the LDAP protocol.
• The device obtains CRLs through the LDAP protocol, but the specified URL of the CRL repository does not carry the host name.
In a PKI domain, you can specify only one LDAP server. If you configure this command multiple times, the most recent configuration takes effect.
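The following is an added configuration check, not part of this command reference: it parses ldap-server lines against the syntax and argument limits stated above, applies the "most recent configuration takes effect" rule, and flags a PKI domain whose LDAP CRL repository URL carries no host name but has no ldap-server configured. It assumes the CRL repository URL appears on a `crl url` line in the domain view (an assumption; that command is not described on this page).

```python
import re
from urllib.parse import urlsplit

# Syntax from the page:
# ldap-server host hostname [ port port-number ] [ vpn-instance vpn-instance-name ]
LDAP_SERVER_RE = re.compile(
    r"^ldap-server\s+host\s+(?P<host>\S+)"
    r"(?:\s+port\s+(?P<port>\d+))?"
    r"(?:\s+vpn-instance\s+(?P<vpn>\S+))?\s*$"
)


def parse_ldap_server(line):
    """Parse one ldap-server command and enforce the limits given in the
    Parameters section. Returns a dict or raises ValueError."""
    m = LDAP_SERVER_RE.match(line.strip())
    if not m:
        raise ValueError("not a valid ldap-server command: %r" % line)
    host = m.group("host")
    if not 1 <= len(host) <= 255:
        raise ValueError("host name must be 1 to 255 characters")
    port = int(m.group("port")) if m.group("port") else 389  # default port 389
    if not 1 <= port <= 65535:
        raise ValueError("port must be in the range 1 to 65535")
    vpn = m.group("vpn")
    if vpn is not None and not 1 <= len(vpn) <= 31:
        raise ValueError("vpn-instance name must be 1 to 31 characters")
    return {"host": host, "port": port, "vpn_instance": vpn}


def crl_url_needs_ldap_server(crl_url):
    """True when an LDAP CRL repository URL carries no host name, i.e. the
    second case in the usage guidelines where ldap-server is mandatory."""
    parts = urlsplit(crl_url)
    return parts.scheme.lower() == "ldap" and not parts.hostname


def audit_pki_domain(lines):
    """Check the lines of one PKI domain view (constructed input). 'crl url'
    is assumed to be the command that sets the CRL repository URL."""
    ldap, needs = None, False
    for line in lines:
        line = line.strip()
        if line.startswith("ldap-server"):
            ldap = parse_ldap_server(line)  # later command overrides earlier one
        elif line.startswith("crl url "):
            needs = needs or crl_url_needs_ldap_server(line.split()[2])
    return {"needs_ldap_server": needs, "ldap_server": ldap,
            "misconfigured": needs and ldap is None}
```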
Examples
# Specify the IP address of the LDAP server as 10.0.0.1.
<Sysname> system-view
[Sysname] pki domain aaa
[Sysname-pki-domain-aaa] ldap-server host 10.0.0.1
# Specify the IP address of the LDAP server as 10.0.0.11, and port number as 333 in the VPN instance vpn1.
<Sysname> system-view
[Sysname] pki domain aaa
[Sysname-pki-domain-aaa] ldap-server host 10.0.0.11 port 333 vpn-instance vpn1
Related commands
• pki retrieve-certificate