Sets up the Virtual I/O Server as a Lightweight Directory Access Protocol (LDAP) client.
mkldap -host serverlist -bind bindDN -passwd bindpwd [ -base baseDN ] [ -port serverport ] [ -ctimeout cacheTimeout ] [ -csize cacheSize ] [ -threads NumberofThreads ] [ -hbeatint heartBeatInt ] [ -keypath SSL_database_path ] [ -keypasswd SSL_password ] [ -auth authType ] [ -users userlist | ALL ]
mkldap -deconfig
You can supply multiple LDAP servers to the mkldap command during client setup. In that case, the client contacts the servers in the order supplied and establishes a connection to the first server to which it can successfully bind.
The LDAP client communicates with the LDAP server through a client-side daemon, secldapclntd.
The secldapclntd daemon is enabled or disabled by using the startnetsvc and stopnetsvc commands.
Flag name | Description |
---|---|
-host serverlist | Specifies a comma-separated list of LDAP server host names. |
-bind bindDN | Specifies the DN (distinguished name) used to bind to the LDAP server. |
-passwd bindpwd | Specifies the clear-text password for the bindDN used to bind to the LDAP server. |
-base baseDN | Specifies the base DN under which the mkldap command searches for the user base DN and group base DN. If you do not specify this flag, the entire database is searched. |
-port serverport | Specifies the port number on which the LDAP server is listening. |
-ctimeout cacheTimeout | Specifies the maximum time after which a cache entry expires. Set this value to 0 to disable caching. |
-csize cacheSize | Specifies the maximum number of user entries held in the client-side daemon cache. |
-threads NumberofThreads | Specifies the number of threads that the client-side daemon uses. |
-hbeatint heartBeatInt | Specifies the time interval between heartbeats from the client to the LDAP server. |
-keypath SSL_database_path | Specifies the full path to the SSL database. Note: This requires the ldap.max_crypto_client fileset to be installed. |
-keypasswd SSL_password | Specifies the password for the SSL key. Note: This requires the ldap.max_crypto_client fileset to be installed. |
-auth authType | Specifies the authentication mechanism used to authenticate users. Valid values are unix_auth and ldap_auth. |
-users userlist | Specifies a comma-separated list of user names to enable for LDAP authentication. Specify ALL to enable all users on the client. |
-deconfig | Specifies that the previous client setup recorded in the LDAP client configuration file is to be undone. |
Return code | Description |
---|---|
0 | Success |
1 | Invalid flag, argument, or command failure |
mkldap -host ldapserv1 -bind cn=admin -passwd adminpwd -users user1,user2
mkldap -bind cn=admin -passwd adminpwd -host server3.your_company.com -base o=mycompany,c=us -keypath /usr/ldap/clientkey.kdb -keypasswd keypwd -users user1,user2
These commands set up the local host as a client of the LDAP server that is running on host ldapserv1; cn=admin and adminpwd (given with -bind and -passwd) are the LDAP server administrator login credentials.
File path | Description |
---|---|
/etc/security/ldap/ldap.cfg | Contains the configuration written by the mkldap command: the server bind DN and password, the server name, the SSL key path and password, and other configuration attributes. |
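The following is an added example and not code from the IBM reference page. It wraps mkldap in a small POSIX shell script that validates the flag values the tables above constrain (the server list order that decides failover, the two permitted -auth values) and reads the bind password from an owner-only file instead of typing it on the command line, then checks after setup that the configuration file listed in the Files table, which stores the bind password and SSL key password, is not group- or world-readable. Assumptions not on the page: the command is reachable as mkldap (override MKLDAP to try the wrapper elsewhere), the file path is taken from the Files table, and owner-only permission is the desired state for that file.

```shell
#!/bin/sh
# Added example, not code from the IBM reference: a small wrapper around
# mkldap plus a post-setup permission check. Assumptions: the real command is
# found as "mkldap" (override MKLDAP to run the wrapper on another host), and
# the configuration file path is the one named in the Files table.
MKLDAP=${MKLDAP:-mkldap}
LDAP_CFG=${LDAP_CFG:-/etc/security/ldap/ldap.cfg}

# Return 0 if the file exists and is accessible only by its owner, that is,
# the group and other permission characters in `ls -ld` output are all "-".
# Column 1 is the file type, 2-4 owner bits, 5-7 group bits, 8-10 other bits.
is_owner_only() {
    f=$1
    [ -f "$f" ] || { echo "missing file: $f" >&2; return 2; }
    perms=$(ls -ld "$f" | cut -c1-10)
    case "$(printf '%s' "$perms" | cut -c5-10)" in
        ------) return 0 ;;
        *) echo "$f is readable by group or others ($perms)" >&2; return 1 ;;
    esac
}

# Accept only the two -auth values the flags table lists.
valid_authtype() {
    case "$1" in
        unix_auth|ldap_auth) return 0 ;;
        *) return 1 ;;
    esac
}

# Validate the arguments, then run mkldap. The server list keeps its order:
# the client tries the servers left to right and binds to the first one that
# answers. The bind password is read from an owner-only file rather than typed
# on the command line, so it does not end up in shell history; mkldap still
# receives it as an argument, so it is visible in the process list while the
# command runs.
# Usage: setup_ldap_client "ldapserv1,ldapserv2" cn=admin /path/to/pwfile unix_auth ALL
setup_ldap_client() {
    servers=$1 binddn=$2 pwfile=$3 authtype=$4 users=$5
    case "$servers" in
        ""|,*|*,|*,,*) echo "bad server list: '$servers'" >&2; return 1 ;;
    esac
    valid_authtype "$authtype" || { echo "bad -auth value: $authtype" >&2; return 1; }
    is_owner_only "$pwfile" || return 1
    bindpwd=$(cat "$pwfile")
    # $MKLDAP is deliberately unquoted so a test value such as "echo mkldap"
    # splits into a command and its first argument.
    $MKLDAP -host "$servers" -bind "$binddn" -passwd "$bindpwd" -auth "$authtype" -users "$users"
}

# After mkldap has run, confirm that the file which now stores the bind DN,
# bind password and SSL key password is not group- or world-readable.
audit_ldap_cfg() {
    is_owner_only "$LDAP_CFG"
}
```

Run setup_ldap_client with the server list in the order you want the client to try them, then call audit_ldap_cfg; a non-zero return from the audit means the configuration file's permissions need tightening before the host is put into service.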