Chapter 30 AAA Server

Table 150 aaa group server ad Commands (continued)

COMMAND
    DESCRIPTION

[no] server alternative-cn-identifier uid
    Sets the second type of identifier that the users can use to log in, if any. For example, “name” or “e-mail address”. The no command clears this setting.

[no] server basedn basedn
    Sets the base DN to point to the AD directory on the AD server group. The no command clears this setting.

[no] server binddn binddn
    Sets the user name the ZyWALL uses to log into the AD server group. The no command clears this setting.

[no] server cn-identifier uid
    Sets the user name the ZyWALL uses to log into the AD server group. The no command clears this setting.

[no] server description description
    Sets the descriptive information for the AD server group. You can use up to 60 printable ASCII characters. The no command clears the setting.

[no] server group-attribute group-attribute
    Sets the name of the attribute that the ZyWALL checks to determine which group a user belongs to. The value of this attribute is called a group identifier; it determines which group a user belongs to. You can add ext-group-user user objects to identify groups based on these group identifier values.
    For example, you could have an attribute named “memberOf” with values like “sales”, “RD”, and “management”. Then you could also create an ext-group-user user object for each group: one with “sales” as the group identifier, another for “RD” and a third for “management”. The no command clears the setting.

[no] server host ad_server
    Enter the IP address (in dotted decimal notation) or the domain name of an AD server to add to this group. The no command clears this setting.

[no] server password password
    Sets the bind password (up to 15 alphanumerical characters). The no command clears this setting.

[no] server port port_no
    Sets the AD port number. Enter a number between 1 and 65535. The default is 389. The no command clears this setting.

[no] server search-time-limit time
    Sets the search timeout period (in seconds). Enter a number between 1 and 300. The no command clears this setting and sets it back to the default of 5 seconds.

[no] server ssl
    Enables the ZyWALL to establish a secure connection to the AD server. The no command disables this feature.
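As an added illustration (not taken from this guide), the sub-commands in Table 150 combined into one AD server group that binds with a dedicated low-privilege account over an encrypted connection. Assumptions, none of which the table states: the group name, host, DNs and attribute names are constructed; "aaa group server ad <group-name>" enters sub-command mode by analogy with the ldap table; "exit" leaves it; 636 is the LDAPS port used once ssl is enabled; and the "#" lines are explanatory only, not ZLD CLI syntax.

```text
# Assumed entry into sub-command mode (mirrors "aaa group server ldap group-name").
aaa group server ad corp-ad
# Up to 60 printable ASCII characters.
 server description Corporate-AD-LDAPS
# Domain name or dotted-decimal IP of a domain controller (constructed value).
 server host dc1.corp.example.com
# Search root for user lookups.
 server basedn dc=corp,dc=example,dc=com
# Read-only service account used only for this bind, never a domain admin.
 server binddn cn=svc-zywall,ou=Service Accounts,dc=corp,dc=example,dc=com
# Up to 15 alphanumerical characters; placeholder shown here.
 server password <bind-password>
# Attribute matched against the login name, plus an alternative identifier (AD attribute names assumed).
 server cn-identifier sAMAccountName
 server alternative-cn-identifier mail
# Attribute whose values ("sales", "RD", "management") map to ext-group-user objects.
 server group-attribute memberOf
# Encrypt the bind and the searches; 636 assumed as the LDAPS port (default is 389).
 server ssl
 server port 636
# Give up on a hung directory query after 10 s instead of the 5 s default (range 1-300).
 server search-time-limit 10
# Assumed exit from sub-command mode.
 exit
```

Leaving ssl disabled on port 389 is the cleartext form the table also permits; the bind password and every user lookup then cross the network unencrypted.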

30.2.6 aaa group server ldap Commands

The following table lists the aaa group server ldap commands you use to configure a group of LDAP servers.

Table 151 aaa group server ldap Commands

COMMAND
    DESCRIPTION

clear aaa group server ldap [group-name]
    Deletes all LDAP server groups or the specified LDAP server group.
    Note: You can NOT delete a server group that is currently in use.

show aaa group server ldap group-name
    Displays the specified LDAP server group settings.

[no] aaa group server ldap group-name
    Sets a descriptive name for an LDAP server group. Use this command to enter the sub-command mode.
    The no command deletes the specified server group.

aaa group server ldap rename group-name group-name
    Changes the descriptive name for an LDAP server group.

aaa group server ldap group-name
    Enter the sub-command mode.


ZyWALL (ZLD) CLI Reference Guide