ZyXEL Communications Security Camera 3.1 User's Manual

Chapter 30 AAA Server
ZyWALL (ZLD) CLI Reference Guide
Table 150   aaa group server ad Commands (continued)

| COMMAND | DESCRIPTION |
| --- | --- |
| [no] server alternative-cn-identifier uid | Sets the second type of identifier that the users can use to log in, if any. For example, “name” or “e-mail address”. The no command clears this setting. |
| [no] server basedn basedn | Sets the base DN to point to the AD directory on the AD server group. The no command clears this setting. |
| [no] server binddn binddn | Sets the user name the ZyWALL uses to log into the AD server group. The no command clears this setting. |
| [no] server cn-identifier uid | Sets the user name the ZyWALL uses to log into the AD server group. The no command clears this setting. |
| [no] server description description | Sets the descriptive information for the AD server group. You can use up to 60 printable ASCII characters. The no command clears the setting. |
| [no] server group-attribute group-attribute | Sets the name of the attribute that the ZyWALL is to check to determine to which group a user belongs. The value for this attribute is called a group identifier; it determines to which group a user belongs. You can add ext-group-user user objects to identify groups based on these group identifier values. For example, you could have an attribute named “memberOf” with values like “sales”, “RD”, and “management”. Then you could also create an ext-group-user user object for each group: one with “sales” as the group identifier, another for “RD” and a third for “management”. The no command clears the setting. |
| [no] server host ad_server | Enter the IP address (in dotted decimal notation) or the domain name of an AD server to add to this group. The no command clears this setting. |
| [no] server password password | Sets the bind password (up to 15 alphanumerical characters). The no command clears this setting. |
| [no] server port port_no | Sets the AD port number. Enter a number between 1 and 65535. The default is 389. The no command clears this setting. |
| [no] server search-time-limit time | Sets the search timeout period (in seconds). Enter a number between 1 and 300. The no command clears this setting and sets this to the default setting of 5 seconds. |
| [no] server ssl | Enables the ZyWALL to establish a secure connection to the AD server. The no command disables this feature. |

30.2.6  aaa group server ldap Commands

The following table lists the aaa group server ldap commands you use to configure a group of LDAP servers.

Table 151   aaa group server ldap Commands

| COMMAND | DESCRIPTION |
| --- | --- |
| clear aaa group server ldap [group-name] | Deletes all LDAP server groups or the specified LDAP server group. Note: You can NOT delete a server group that is currently in use. |
| show aaa group server ldap group-name | Displays the specified LDAP server group settings. |
| [no] aaa group server ldap group-name | Sets a descriptive name for an LDAP server group. Use this command to enter the sub-command mode. The no command deletes the specified server group. |
| aaa group server ldap rename group-name group-name | Changes the descriptive name for an LDAP server group. |
| aaa group server ldap group-name | Enter the sub-command mode. |
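
The following is an added example, not part of the ZyXEL guide: a small Python audit that checks one server group's `server` sub-commands against the limits documented in Table 150 and reports a group that never enables `server ssl`. It assumes the sub-commands are available as text, one per line, exactly as typed; the function names, the sample input and its values are constructed for illustration.

```python
import re

# Numeric limits as documented in the server sub-command table.
RANGES = {"port": (1, 65535), "search-time-limit": (1, 300)}

def parse_group(config_text):
    """Collect 'server <keyword> [value]' lines; 'no server <keyword>' clears one."""
    settings = {}
    for raw in config_text.splitlines():
        words = raw.split()
        negate = words[:1] == ["no"]
        if negate:
            words = words[1:]
        if len(words) < 2 or words[0] != "server":
            continue  # not a server sub-command
        if negate:
            settings.pop(words[1], None)
        else:
            settings[words[1]] = " ".join(words[2:])
    return settings

def audit_group(config_text):
    """Return a list of findings for one server group's sub-commands."""
    s = parse_group(config_text)
    findings = []
    if "ssl" not in s:
        findings.append("ssl: secure connection to the directory server is not enabled")
    for key, (low, high) in RANGES.items():
        value = s.get(key)
        if value is not None and not (value.isdecimal() and low <= int(value) <= high):
            findings.append(f"{key}: {value!r} is outside {low}-{high}")
    password = s.get("password")
    if password is not None and not re.fullmatch(r"[A-Za-z0-9]{1,15}", password):
        findings.append("password: must be 1-15 alphanumeric characters")
    description = s.get("description", "")
    if len(description) > 60 or not all(32 <= ord(c) <= 126 for c in description):
        findings.append("description: over 60 characters or not printable ASCII")
    return findings

# Constructed sample input, not taken from a real device.
SAMPLE = """\
server host 192.0.2.10
server port 389
server binddn cn=zywall,dc=example,dc=com
server password S3cret-bind-password!
server search-time-limit 600
"""

if __name__ == "__main__":
    for finding in audit_group(SAMPLE):
        print(finding)
```
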