Cisco 4700M Configuration Manual page 106

Application control engine appliance security

Configuring the ACE as a Client of a RADIUS, TACACS+, or LDAP Server
Setting the LDAP Server Parameters
Cisco 4700 Series Application Control Engine Appliance Security Configuration Guide
2-36
You can use the ldap-server host command to specify the LDAP server hostname
or IP address, destination port, and other options. You can define multiple
ldap-server host commands to configure multiple LDAP servers.

The syntax of this command is as follows:

    ldap-server host ip_address [port port_number] [timeout seconds]
        [rootDN "DN_string" [password bind_password]]

The arguments, keywords, and options are as follows:

ip_address—IP address for the LDAP server. Enter the address in
dotted-decimal IP notation (for example, 192.168.11.1).

port port_number—(Optional) Specifies the TCP destination port for
communicating authentication requests to the LDAP directory server. By
default, the LDAP server port is 389. If your LDAP server uses a port other
than 389, use the port keyword to configure the ACE for the appropriate port
before you start the LDAP service. The port_number argument is the LDAP
port number. Valid values are from 1 to 65535. For the specified server, this
command overrides the global setting that was assigned by using the
ldap-server port command.

timeout seconds—(Optional) Specifies the time in seconds that the ACE waits
for the LDAP server to reply to an authentication request before the ACE
declares a timeout failure with that server and attempts to contact the next
server in the group. Valid entries are from 1 to 60 seconds. The default is
5 seconds. For the specified server, this command overrides the global
setting that was assigned by using the ldap-server timeout command.

rootDN "DN_string"—(Optional) Defines the distinguished name (DN) for
a user who is not restricted by access controls or administrative limit
parameters when performing operations on the LDAP server directory. The
rootDN user is the root user for the LDAP server database. Enter a quoted
string that has a maximum of 63 alphanumeric characters. The default is an
empty string.
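
The following is an added example, not part of the Cisco guide or any Cisco tool: a small Python check that audits ldap-server host lines from a saved configuration against the limits documented above and flags lines that carry a bind password for the unrestricted rootDN user. The function name, finding strings, and sample lines are constructed for illustration, and the pattern assumes the keywords appear in the documented order.

```python
import ipaddress
import re

# Grammar taken from the syntax line above; password is valid only after rootDN.
LINE_RE = re.compile(
    r'^ldap-server host (?P<ip>\S+)'
    r'(?: port (?P<port>\d+))?'
    r'(?: timeout (?P<timeout>\d+))?'
    r'(?: rootDN "(?P<dn>[^"]*)"(?: password (?P<pw>\S+))?)?$'
)

def audit_ldap_host(line):
    """Return a list of findings for one 'ldap-server host' line (hypothetical helper)."""
    m = LINE_RE.match(line.strip())
    if not m:
        return ["syntax: does not match documented form"]
    findings = []
    try:
        ipaddress.IPv4Address(m["ip"])
    except ValueError:
        findings.append("ip_address: not dotted-decimal IPv4")
    if m["port"] and not 1 <= int(m["port"]) <= 65535:
        findings.append("port: outside 1-65535")
    if m["timeout"] and not 1 <= int(m["timeout"]) <= 60:
        findings.append("timeout: outside 1-60 seconds")
    if m["dn"] is not None and len(m["dn"]) > 63:
        findings.append("rootDN: longer than 63 characters")
    if m["pw"]:
        # The rootDN user is unrestricted on the directory, so track where
        # its bind password appears in saved configurations.
        findings.append("review: rootDN bind password present on this line")
    return findings

# Constructed sample lines (not from a real device).
SAMPLE = [
    'ldap-server host 192.168.11.1',
    'ldap-server host 192.168.11.2 port 70000 timeout 90',
    'ldap-server host 192.168.11.3 rootDN "cn=manager,dc=example,dc=com" password EXAMPLE',
    'ldap-server host 192.168.11.4 password EXAMPLE',
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(line, "->", audit_ldap_host(line) or "ok")
```
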
Chapter 2
Configuring Authentication and Accounting Services
OL-16202-01


This manual is also suitable for:

4700 series
