Manage LDAP/AD
Use the following CLI commands to manage Lightweight Directory Access Protocol (LDAP) user settings.

Get the current connection settings for the LDAP/AD server(s).
Command
syscli --get ldapsettings
Example Output
LDAP/AD = enabled
Primary Server = ldap7.test-sqa.com
Alternate Server =
Protocol = starttls
Port = 389
Schema = rfc2307bis
Principal(DN) = uid=admin,ou=People,dc=quantum-sqa,dc=com
User DN = ou=People,dc=quantum-sqa,dc=com
Viewer Group = cn=dxiuser,ou=Group,dc=quantum-sqa,dc=com
Admin Group = cn=sysadmin,ou=Group,dc=quantum-sqa,dc=com
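
The output above is a flat `key = value` listing, so it can be checked mechanically after each change. The following Python check is an added example, not part of the vendor documentation or the syscli tool: it parses that output and flags a port that does not match the protocol, an admin group identical to the viewer group, and DNs that do not share one base DN. The expected ports (389 for StartTLS, 636 for LDAPS, the standard LDAP ports) and the choice of checks are assumptions of this example.

```python
# Added example: audit the "key = value" output of `syscli --get ldapsettings`.
# The checks are assumptions of this example, not vendor guidance.
SAMPLE = """\
LDAP/AD = enabled
Primary Server = ldap7.test-sqa.com
Alternate Server =
Protocol = starttls
Port = 389
Schema = rfc2307bis
Principal(DN) = uid=admin,ou=People,dc=quantum-sqa,dc=com
User DN = ou=People,dc=quantum-sqa,dc=com
Viewer Group = cn=dxiuser,ou=Group,dc=quantum-sqa,dc=com
Admin Group = cn=sysadmin,ou=Group,dc=quantum-sqa,dc=com
"""  # example output copied from this page
# Standard LDAP ports: 389 (upgraded by StartTLS) and 636 (LDAPS).
EXPECTED_PORT = {"starttls": "389", "ldaps": "636"}
DN_KEYS = ("Principal(DN)", "User DN", "Viewer Group", "Admin Group")

def parse_settings(text):
    # Split on the first '=' only: DN values contain '=' themselves.
    settings = {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if sep:
            settings[key.strip()] = value.strip()
    return settings

def base_dn(dn):
    # Lower-cased dc=... suffix of a DN, e.g. "dc=example,dc=com".
    parts = [p.strip().lower() for p in dn.split(",")]
    return ",".join(p for p in parts if p.startswith("dc="))

def audit(settings):
    # Returns a list of findings; an empty list means nothing was flagged.
    if settings.get("LDAP/AD", "").lower() != "enabled":
        return []
    findings = []
    proto = settings.get("Protocol", "").lower()
    if proto not in EXPECTED_PORT:
        findings.append(f"unexpected protocol {proto!r}")
    elif settings.get("Port") != EXPECTED_PORT[proto]:
        findings.append(f"port {settings.get('Port')} is unusual for {proto}")
    admin = settings.get("Admin Group", "").lower()
    if admin and admin == settings.get("Viewer Group", "").lower():
        findings.append("admin and viewer group are the same DN")
    bases = {base_dn(settings[k]) for k in DN_KEYS if settings.get(k)}
    if len(bases) > 1:
        findings.append("DNs do not share one base DN")
    return findings
```

Run `audit(parse_settings(output))` on captured CLI output; the sample from this page produces no findings.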

Configure the LDAP/AD connection settings to the primary and alternate LDAP/AD servers.
Command
syscli --set ldapsettings [--ldap on|off] [--primaryserver <pserver>] [--altserver <aserver>] [--protocol ldaps|starttls] [--port <port num>] [--principal <principal>] [--password <password>] [--userdn <user DN>] [--viewergrp <viewer group>] [--admingrp <admin group>] [--cacert <url>]

Review the following attribute descriptions.
--set ldapsettings
Sets the connection settings for the LDAP/AD server(s).

--ldap on|off
If specified, users will be validated:

--primaryserver <pserver>
Enter the primary server as a valid IP or hostname. Do not include the protocol.

--altserver <aserver>
Optionally, enter the alternate server as a valid IP or hostname. Do not include the protocol.

--protocol ldaps|starttls
Choose to either use StartTLS connection protocol or LDAPS. Defaults to StartTLS.

--port <port num>
Enter the port for the connection.

--principal <principal>
Enter the distinguished name to bind to the LDAP/AD directory.

--password <password>
Password for simple authentication.

--userdn <user DN>
Enter the distinguished name for retrieving the user information.

--viewergrp <viewer group>
Enter the fully qualified distinguished name for the view-only users that will have monitor or view access to this system.

--admingrp <admin group>
Enter the fully qualified distinguished name for the admin users that will have administrative access to this system.

--cacert <url>
Enter the URL for the CA certificate file.

Test the LDAP/AD connection settings.
Command
syscli --test ldapsettings --primaryserver <pserver> [--altserver <aserver>] [--protocol ldaps|starttls] [--port <port num>] [--principal <principal>] [--password <password>] --userdn <user DN> [--viewergrp <viewer group>] [--admingrp <admin group>] [--cacert <url>]

Review the following attribute descriptions.
--test ldapsettings
Tests the connection settings for the LDAP/AD server(s).

--primaryserver <pserver>
Enter the primary server as a valid IP or hostname. Do not include the protocol.

--altserver <aserver>
Optionally, enter the alternate server as a valid IP or hostname.

--protocol ldaps|starttls
Choose to either use StartTLS connection protocol (default) or LDAPS.

--port <port num>
Enter the port for the connection.

--principal <principal>
Enter the distinguished name to bind to the LDAP/AD directory.

--password <password>
Password for simple authentication if required by LDAP/AD server.

--userdn <user DN>
Enter the distinguished name for retrieving the user information.

--viewergrp <viewer group>
Enter the fully qualified distinguished name for the view-only users that will have monitor or view access to this system.

--admingrp <admin group>
Enter the fully qualified distinguished name for the admin users that will have administrative access to this system.

--cacert <url>
Enter the URL for the CA certificate file.

Test that a username and password validate against the LDAP/AD directory.
Command
syscli --test ldapuser --username <username> --password <password>

Review the following attribute descriptions.
--test ldapuser
Starts the test for the username.

--username <username>
Enter the username to validate in the LDAP/AD directory.

--password <password>
Password for the username.