368
G8264 Command Reference for ENOS 8.4
Table 155. LDAP Server Configuration Options (continued)
Command Syntax and Usage
ldapserver security starttls
Configures LDAP to encrypt LDAP credentials (DN and password) using Start
Transport Layer Security (StartTLS) when sending a bind request to the LDAP
server. This requires the LDAP client to present a Certificate Authority (CA)
root certificate. The CA root certificate can be downloaded from the LDAP
server. For more details, see page 338.
The LDAP client and LDAP server do not need to initiate a separate TLS
session before any LDAP messages are exchanged. StartTLS encrypts a
non‐encrypted LDAP connection by wrapping it with TLS at any time during
or after the connection has been established. Thus, there is no need to use a
separate port for encrypted LDAP communication.
Note: This option is available only in LDAP enhanced mode.
Command mode: Global configuration
[no] ldapserver security mutual
Enables or disables requesting that the LDAP server also provide its own
Certificate Authority (CA) root certificate for authentication by the LDAP
client. The LDAP server and the LDAP client both compare the other's CA root
certificate against their own. If both certificates match, the authentication
succeeds. If either certificate does not match, the authentication fails.
Note: This option is available only in LDAP enhanced mode.
Command mode: Global configuration
[no] ldapserver srv
Enables or disables the switch to look up LDAP server information by
retrieving a Service (SRV) record associated with LDAP from the configured
Domain Name System (DNS). For more details on DNS, see "Domain Name
System Configuration" on page 597.
Note: This option is available only in LDAP enhanced mode.
Command mode: Global configuration
ldapserver secondaryhost <IPv4 address> [dataport|mgtport]
Configures the secondary LDAP server with an IPv4 address.
Note: This option is available only in LDAP legacy mode.
Command mode: Global configuration
no ldapserver secondaryhost
Deletes the secondary LDAP server.
Command mode: Global configuration
ldapserver ipv6 secondaryhost <IPv6 address> [dataport|mgtport]
Configures the secondary LDAP server with an IPv6 address.
Note: This option is available only in LDAP legacy mode.
Command mode: Global configuration