LDAP Target Connector CLI Configuration
This topic contains the parameters for adding the LDAP target application and target accounts:
LDAP Target Application CLI Parameters
To add an LDAP target application and connector using the CLI, use the addTargetApplication command and the following command parameters:
TargetApplication.type
The target application connector type.
Required | Default Value | Valid Values |
Yes | N/A | ldap |
Attribute.port
The port that is used to connect to the LDAP Server.
Required | Default Value | Valid Values |
Yes | N/A | 0-65535. The GUI uses default value 389. |
Attribute.protocol
The protocol that is used to connect to the LDAP server.
Required | Default Value | Valid Values |
Yes | clear | clear, ssl |
Attribute.serverType
The LDAP server type.
Required | Default Value | Valid Values |
No | OpenLDAP | CA ACF2, CA Top Secret, CA RACF, Other, OpenLDAP |
If the specified LDAP server type contains a space (for example, CA Top Secret), the entire Attribute.serverType attribute must be enclosed in quotation marks (") as shown in the following example:
capam_command capam=10.10.10.10 userID=admin cmdName=addTargetApplication TargetServer.hostName=myhostname TargetApplication.name=myLDAP TargetApplication.type=ldap "Attribute.serverType=CA RACF" Attribute.port=389 Attribute.protocol=clear
Attribute.sslCertificate
The LDAP SSL certificate.
Required | Default Value | Valid Values |
Required if the protocol is SSL. | N/A | X.509 digital certificate in BASE64 encoded format |
Attribute.ldapConnectTimeout
Time in milliseconds that Credential Manager waits before aborting the attempt to connect to the server.
Required | Default Value | Valid Values |
No | 3000 | 1000-99999 |
Attribute.ldapReadTimeout
Time in milliseconds that Credential Manager waits before aborting the request to the server for data. The read timeout applies to the LDAP response from the server, after the initial connection is established with the server.
Required | Default Value | Valid Values |
No | 3000 | 1000-99999 |
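The following is an added example, not part of the product documentation or its tooling: a Python check of addTargetApplication parameters against the rules in the tables above, which also flags Attribute.protocol=clear and applies the quoting rule for values that contain a space. The function names and the SAMPLE parameter set are constructed for illustration.

```python
# Added illustration: validates LDAP addTargetApplication parameters against
# the documented rules. Function names and SAMPLE are constructed, not CA PAM code.
SERVER_TYPES = {"CA ACF2", "CA Top Secret", "CA RACF", "Other", "OpenLDAP"}
TIMEOUTS = ("Attribute.ldapConnectTimeout", "Attribute.ldapReadTimeout")

def in_range(value, low, high):
    """True when value is a decimal string within [low, high]."""
    return value.isdecimal() and low <= int(value) <= high

def check_ldap_application(params):
    """Return (errors, warnings) for a dict of name -> value strings."""
    errors, warnings = [], []
    if params.get("TargetApplication.type") != "ldap":
        errors.append("TargetApplication.type must be ldap")
    if not in_range(params.get("Attribute.port", ""), 0, 65535):
        errors.append("Attribute.port is required and must be 0-65535")
    protocol = params.get("Attribute.protocol")
    if protocol not in ("clear", "ssl"):
        errors.append("Attribute.protocol is required: clear or ssl")
    elif protocol == "ssl" and not params.get("Attribute.sslCertificate"):
        errors.append("Attribute.sslCertificate is required when protocol is ssl")
    elif protocol == "clear":
        warnings.append("Attribute.protocol=clear: connection is not SSL-protected")
    if params.get("Attribute.serverType", "OpenLDAP") not in SERVER_TYPES:
        errors.append("Attribute.serverType is not a documented value")
    for name in TIMEOUTS:  # optional, documented default 3000 ms
        if not in_range(params.get(name, "3000"), 1000, 99999):
            errors.append(name + " must be 1000-99999 (milliseconds)")
    return errors, warnings

def render_arguments(params):
    """Join name=value pairs, wrapping any pair that contains a space in
    double quotes (the rule the page gives for Attribute.serverType)."""
    pairs = (name + "=" + value for name, value in params.items())
    return " ".join('"' + p + '"' if " " in p else p for p in pairs)

# Constructed sample, modelled on the page's CA RACF example.
SAMPLE = {
    "TargetApplication.type": "ldap",
    "Attribute.serverType": "CA RACF",
    "Attribute.port": "389",
    "Attribute.protocol": "clear",
}

if __name__ == "__main__":
    errors, warnings = check_ldap_application(SAMPLE)
    print("errors:", errors)
    print("warnings:", warnings)
    print(render_arguments(SAMPLE))
```
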
LDAP Target Account CLI Parameters
To add an LDAP target account that uses the target connector, use the addTargetAccount command and the following command parameters:
Attribute.useOtherAccountToChangePassword
This attribute specifies whether to use the target account or a different account to perform password change requests.
Required | Default Value | Valid Values |
Yes | N/A | true, false |
Attribute.otherAccount
This attribute specifies which other account to use to perform password change requests.
Required | Default Value | Valid Values |
Yes, if Attribute.useOtherAccountToChangePassword is true. | N/A | A valid target account ID. |
Attribute.userDN
The distinguished name of the user on the LDAP server.
Required | Default Value | Valid Values |
Yes | N/A | String. |
LDAP CLI Example
cmdName=addTargetApplication TargetServer.hostName=myhostname.mydomain.com TargetApplication.name=myLDAP TargetApplication.type=ldap Attribute.port=389 Attribute.protocol=clear
cmdName=addTargetAccount TargetServer.hostName=myhostname.mydomain.com TargetApplication.name=myLDAP TargetAccount.userName=admin TargetAccount.password=p@ssw0rd TargetAccount.cacheBehavior=useCacheFirst TargetAccount.cacheDuration=21 Attribute.userDN=admin Attribute.useOtherAccountToChangePassword=false