LDAP

The nv unset commands remove the configuration you set with the equivalent nv set commands. This guide only describes an nv unset command if it differs from the nv set command.

nv set system aaa ldap base-dn

Configures the LDAP search base for the common maps (passwd and group).

When an LDAP client requests information about a resource, the client must connect and bind to the server, then perform one or more resource queries depending on the lookup. All search queries to the LDAP server use the configured search base, filter, and the desired entry (uid=myuser). If the LDAP directory is large, this search takes a long time. Define a more specific search base for the common maps (passwd and group).

Version History

Introduced in Cumulus Linux 5.11.0

Example

cumulus@switch:~$ nv set system aaa ldap base-dn ou=support,dc=rtp,dc=example,dc=test

nv set system aaa ldap bind-dn

Configures the Authenticated (Simple) BIND credentials. The BIND credentials are optional; if you do not specify the credentials, the switch assumes an anonymous bind. To use SASL (Simple Authentication and Security Layer) BIND, which provides authentication services using other mechanisms such as Kerberos, contact your LDAP server administrator for authentication information.

Version History

Introduced in Cumulus Linux 5.11.0

Example

cumulus@switch:~$ nv set system aaa ldap bind-dn CN=cumulus-admin,CN=Users,DC=rtp,DC=example,DC=test

nv set system aaa ldap hostname <hostname-id>

Configures the host name or IP address of the LDAP server from which you want to import users. If you use multiple LDAP servers, you can also set a priority for each server.

Command Syntax

Syntax           Description
<hostname-id>    The host name or IP address of the LDAP server.

Version History

Introduced in Cumulus Linux 5.11.0

Example

cumulus@switch:~$ nv set system aaa ldap hostname ldapserver1

nv set system aaa ldap hostname <hostname-id> priority

Configures the priority when using multiple LDAP servers.

Command Syntax

Syntax           Description
<hostname-id>    The host name or IP address of the LDAP server.

Version History

Introduced in Cumulus Linux 5.11.0

Example

cumulus@switch:~$ nv set system aaa ldap hostname ldapserver2 priority 2

nv set system aaa ldap port

Configures the port number of the LDAP server if you are using a non-default port. The default port number for LDAP is TCP and UDP port 389.

Version History

Introduced in Cumulus Linux 5.11.0

Example

cumulus@switch:~$ nv set system aaa ldap port 388

nv set system aaa ldap referrals

Enables or disables LDAP referrals, which allow a directory tree to be partitioned and distributed between multiple LDAP servers.

Version History

Introduced in Cumulus Linux 5.11.0

Example

cumulus@switch:~$ nv set system aaa ldap referrals enabled

nv set system aaa ldap secret

Configures the LDAP secret.

Version History

Introduced in Cumulus Linux 5.11.0

Example

cumulus@switch:~$ nv set system aaa ldap secret 1Q2w3e4r!

nv set system aaa ldap ssl ca-list

Configures the SSL CA certificate list.

Version History

Introduced in Cumulus Linux 5.11.0

Example

cumulus@switch:~$ nv set system aaa ldap ssl ca-list none

nv set system aaa ldap ssl crl-check

Configures the SSL CRL (Certificate Revocation List) check.

Version History

Introduced in Cumulus Linux 5.11.0

Example

cumulus@switch:~$ nv set system aaa ldap ssl crl-check /etc/ssl/certs/rtp-example-ca.crt

nv set system aaa ldap ssl mode

Configures the LDAP SSL mode. You can specify none, ssl, or start-tls.

Version History

Introduced in Cumulus Linux 5.11.0

Example

cumulus@switch:~$ nv set system aaa ldap ssl mode ssl

nv set system aaa ldap ssl port

Configures the LDAP SSL port.

Version History

Introduced in Cumulus Linux 5.11.0

Example

cumulus@switch:~$ nv set system aaa ldap ssl port 8443

nv set system aaa ldap ssl tls-ciphers

Configures the SSL cipher suites. You can specify TLS1.2, TLS1.3, TLS-CIPHERS, or all.

Version History

Introduced in Cumulus Linux 5.11.0

Example

cumulus@switch:~$ nv set system aaa ldap ssl tls-ciphers TLS1.3

nv set system aaa ldap timeout-bind

Configures the number of seconds before the BIND operation times out. The default setting is 5 seconds.

Version History

Introduced in Cumulus Linux 5.11.0

Example

cumulus@switch:~$ nv set system aaa ldap timeout-bind 60

nv set system aaa ldap timeout-search

Configures the number of seconds before the search times out. The default setting is 5 seconds.

Version History

Introduced in Cumulus Linux 5.11.0

Example

cumulus@switch:~$ nv set system aaa ldap timeout-search 60

nv set system aaa ldap version

Configures the LDAP version. You can specify version 2 or 3. Cumulus Linux uses LDAP version 3 by default.

Version History

Introduced in Cumulus Linux 5.11.0

Example

cumulus@switch:~$ nv set system aaa ldap version 2

nv set system aaa ldap vrf

Configures the LDAP VRF.

Version History

Introduced in Cumulus Linux 5.11.0

Example

cumulus@switch:~$ nv set system aaa ldap vrf mgmt
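
The following shell function is an added example, not part of the NVIDIA documentation or NVUE. It reviews a saved list of the nv set system aaa ldap commands described above and reports settings that weaken LDAP authentication: no TLS, TLS without a CA list, LDAP version 2, anonymous bind, and a secret stored in plaintext. The check names, the handling of an unset ssl mode, and the reading of "ca-list none" are assumptions of this example.

```sh
#!/bin/sh
# Added example (not NVIDIA's code): audit "nv set system aaa ldap ..." commands
# read from stdin and print one finding per line. The check names are hypothetical.
audit_ldap_config() {
    mode=""; ca=""; version=""; bind_dn=""; secret_seen=no
    while read -r line || [ -n "$line" ]; do
        case $line in
            "nv set system aaa ldap "*) ;;
            *'$ nv set system aaa ldap '*) line=${line#*'$ '} ;;  # drop the prompt
            *) continue ;;
        esac
        rest=${line#"nv set system aaa ldap "}
        case $rest in
            "ssl mode "*)    mode=${rest#"ssl mode "} ;;
            "ssl ca-list "*) ca=${rest#"ssl ca-list "} ;;
            "version "*)     version=${rest#"version "} ;;
            "bind-dn "*)     bind_dn=${rest#"bind-dn "} ;;
            "secret "*)      secret_seen=yes ;;  # never echo the value itself
        esac
    done
    # Assumption: an unset ssl mode is audited as "none" so that it gets reviewed.
    case ${mode:-none} in
        none) echo "ssl-mode: no TLS, a simple BIND sends the secret in cleartext" ;;
        ssl|start-tls)
            # Assumption: "ca-list none" leaves no CA list to validate the server.
            if [ "${ca:-none}" = none ]; then
                echo "ca-list: TLS is on but no CA list is set"
            fi ;;
        *) echo "ssl-mode: unexpected value" ;;
    esac
    if [ "$version" = 2 ]; then
        echo "version: LDAPv2 has no StartTLS operation, use version 3"
    fi
    if [ -z "$bind_dn" ]; then
        echo "bind-dn: not set, the switch assumes an anonymous bind"
    fi
    if [ "$secret_seen" = yes ]; then
        echo "secret: plaintext secret present in the audited text"
    fi
    return 0
}

# Constructed sample built from example values on this page.
SAMPLE='cumulus@switch:~$ nv set system aaa ldap hostname ldapserver1
cumulus@switch:~$ nv set system aaa ldap ssl mode ssl
cumulus@switch:~$ nv set system aaa ldap ssl ca-list none
cumulus@switch:~$ nv set system aaa ldap version 2
cumulus@switch:~$ nv set system aaa ldap secret 1Q2w3e4r!'
printf '%s\n' "$SAMPLE" | audit_ldap_config
```

Feed it saved command history or a change ticket on stdin; an empty result means none of the five checks fired.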