LDAP

The nv unset commands remove the configuration you set with the equivalent nv set commands. This guide only describes an nv unset command if it differs from the nv set command.


nv set system aaa ldap base-dn

Configures the LDAP search base for the common maps (passwd and group).

When an LDAP client requests information about a resource, the client must connect and bind to the server, then perform one or more resource queries depending on the lookup. All search queries to the LDAP server use the configured search base, filter, and the desired entry (uid=myuser). If the LDAP directory is large, this search takes a long time. Define a more specific search base for the common maps (passwd and group).

Version History

Introduced in Cumulus Linux 5.11.0

Example

cumulus@switch:~$ nv set system aaa ldap base-dn ou=support,dc=rtp,dc=example,dc=test

nv set system aaa ldap bind-dn

Configures the Authenticated (Simple) BIND credentials. The BIND credentials are optional; if you do not specify the credentials, the switch assumes an anonymous bind. To use SASL (Simple Authentication and Security Layer) BIND, which provides authentication services using other mechanisms such as Kerberos, contact your LDAP server administrator for authentication information.

Version History

Introduced in Cumulus Linux 5.11.0

Example

cumulus@switch:~$ nv set system aaa ldap bind-dn CN=cumulus-admin,CN=Users,DC=rtp,DC=example,DC=test

nv set system aaa ldap hostname <hostname-id>

Configures the host name or IP address of the LDAP server from which you want to import users. If you use multiple LDAP servers, you can also set a priority for each server.

Command Syntax

Syntax Description
<hostname-id> The host name or IP address of the LDAP server.

Version History

Introduced in Cumulus Linux 5.11.0

Example

cumulus@switch:~$ nv set system aaa ldap hostname ldapserver1

nv set system aaa ldap hostname <hostname-id> priority

Configures the priority when using multiple LDAP servers.

Command Syntax

Syntax Description
<hostname-id> The host name or IP address of the LDAP server.

Version History

Introduced in Cumulus Linux 5.11.0

Example

cumulus@switch:~$ nv set system aaa ldap hostname ldapserver2 priority 2

nv set system aaa ldap port

Configures the port number of the LDAP server if you are using a non-default port. The default port number for LDAP is TCP and UDP port 389.

Version History

Introduced in Cumulus Linux 5.11.0

Example

cumulus@switch:~$ nv set system aaa ldap port 388

nv set system aaa ldap referrals

Enables or disables LDAP referrals, which allow a directory tree to be partitioned and distributed between multiple LDAP servers.

Version History

Introduced in Cumulus Linux 5.11.0

Example

cumulus@switch:~$ nv set system aaa ldap referrals enabled

nv set system aaa ldap secret

Configures the LDAP secret.

Version History

Introduced in Cumulus Linux 5.11.0

Example

cumulus@switch:~$ nv set system aaa ldap secret 1Q2w3e4r!

nv set system aaa ldap ssl ca-list

Configures the SSL CA certificate list.

Version History

Introduced in Cumulus Linux 5.11.0

Example

cumulus@switch:~$ nv set system aaa ldap ssl ca-list none

nv set system aaa ldap ssl crl-check

Configures the SSL CRL (Certificate Revocation List) check.

Version History

Introduced in Cumulus Linux 5.11.0

Example

cumulus@switch:~$ nv set system aaa ldap ssl crl-check /etc/ssl/certs/rtp-example-ca.crt

nv set system aaa ldap ssl mode

Configures the LDAP SSL mode. You can specify none, ssl, or start-tls.

Version History

Introduced in Cumulus Linux 5.11.0

Example

cumulus@switch:~$ nv set system aaa ldap ssl mode ssl

nv set system aaa ldap ssl port

Configures the LDAP SSL port.

Version History

Introduced in Cumulus Linux 5.11.0

Example

cumulus@switch:~$ nv set system aaa ldap ssl port 8443

nv set system aaa ldap ssl tls-ciphers

Configures the SSL cipher suites. You can specify TLS1.2, TLS1.3, TLS-CIPHERS, or all.

Version History

Introduced in Cumulus Linux 5.11.0

Example

cumulus@switch:~$ nv set system aaa ldap ssl tls-ciphers TLS1.3

nv set system aaa ldap timeout-bind

Configures the number of seconds before the BIND operation times out. The default setting is 5 seconds.

Version History

Introduced in Cumulus Linux 5.11.0

Example

cumulus@switch:~$ nv set system aaa ldap timeout-bind 60

nv set system aaa ldap timeout-search

Configures the number of seconds before the search times out. The default setting is 5 seconds.

Version History

Introduced in Cumulus Linux 5.11.0

Example

cumulus@switch:~$ nv set system aaa ldap timeout-search 60

nv set system aaa ldap version

Configures the LDAP version. You can specify version 2 or 3. Cumulus Linux uses LDAP version 3 by default.

Version History

Introduced in Cumulus Linux 5.11.0

Example

cumulus@switch:~$ nv set system aaa ldap version 2

nv set system aaa ldap vrf

Configures the LDAP VRF.

Version History

Introduced in Cumulus Linux 5.11.0

Example

cumulus@switch:~$ nv set system aaa ldap vrf mgmt