LDAP Target Connector CLI Configuration

This topic contains the parameters for adding the LDAP target application and target accounts:

LDAP Target Application CLI Parameters

To add an LDAP target application and connector using the CLI, use the addTargetApplication command and the following command parameters:
TargetApplication.type
The target application connector type.
Required: Yes
Default Value: N/A
Valid Values: ldap

Attribute.port
The port that is used to connect to the LDAP server.
Required: Yes
Default Value: N/A
Valid Values: 0-65535. The GUI uses default value 389.

Attribute.protocol
The protocol that is used to connect to the LDAP server.
Required: Yes
Default Value: clear
Valid Values: clear, ssl

Attribute.serverType
The LDAP server type.
Required: No
Default Value: OpenLDAP
Valid Values: CA ACF2, CA Top Secret, CA RACF, Other, OpenLDAP
If the specified LDAP server type contains a space (for example, CA Top Secret), the entire Attribute.serverType attribute must be enclosed in quotation marks (") as shown in the following example:
capam_command capam=10.10.10.10 userID=admin cmdName=addTargetApplication TargetServer.hostName=myhostname TargetApplication.name=myLDAP TargetApplication.type=ldap "Attribute.serverType=CA RACF" Attribute.port=389 Attribute.protocol=clear
Attribute.sslCertificate
The LDAP SSL certificate.
Required: Required if the protocol is SSL.
Default Value: N/A
Valid Values: X.509 digital certificate in BASE64 encoded format

Attribute.ldapConnectTimeout
Time in milliseconds that Credential Manager waits before aborting the attempt to connect to the server.
Required: No
Default Value: 3000
Valid Values: 1000-99999

Attribute.ldapReadTimeout
Time in milliseconds that Credential Manager waits before aborting the request to the server for data. The read timeout applies to the LDAP response from the server, after the initial connection is established with the server.
Required: No
Default Value: 3000
Valid Values: 1000-99999
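
The constraints in the tables above can be checked before a command is run. The following pre-flight check is an added example, not part of the product or its documentation: it validates an addTargetApplication command line against the documented values, catches an unquoted server type, and flags protocol=clear. The function name lint_add_target_application and the sample command lines are constructed for illustration, and the check assumes the command is typed into a POSIX shell.

```python
import shlex

# Constraints copied from the parameter tables on this page.
SERVER_TYPES = {"CA ACF2", "CA Top Secret", "CA RACF", "Other", "OpenLDAP"}
TIMEOUTS = ("Attribute.ldapConnectTimeout", "Attribute.ldapReadTimeout")


def in_range(value, low, high):
    """True if value is a decimal integer string within [low, high]."""
    return value.isdecimal() and low <= int(value) <= high


def lint_add_target_application(command):
    """Return a list of findings for one addTargetApplication command line."""
    tokens = shlex.split(command)  # POSIX shell word splitting and quoting
    params = dict(t.split("=", 1) for t in tokens if "=" in t)
    findings = []
    if params.get("TargetApplication.type") != "ldap":
        findings.append("TargetApplication.type must be ldap")
    if not in_range(params.get("Attribute.port", ""), 0, 65535):
        findings.append("Attribute.port is required and must be 0-65535")
    protocol = params.get("Attribute.protocol")
    if protocol not in ("clear", "ssl"):
        findings.append("Attribute.protocol is required: clear or ssl")
    elif protocol == "ssl" and not params.get("Attribute.sslCertificate"):
        findings.append("Attribute.sslCertificate is required when protocol is ssl")
    elif protocol == "clear":
        findings.append("warning: protocol=clear, the LDAP connection is not encrypted")
    # An unquoted "CA RACF" splits into two tokens and leaves serverType=CA.
    if params.get("Attribute.serverType", "OpenLDAP") not in SERVER_TYPES:
        findings.append("Attribute.serverType is not a valid value; quote values containing spaces")
    for name in TIMEOUTS:
        if not in_range(params.get(name, "3000"), 1000, 99999):
            findings.append(name + " must be 1000-99999 milliseconds")
    return findings


# Constructed sample input; the first entry is this page's quoted example.
PREFIX = ("capam_command capam=10.10.10.10 userID=admin cmdName=addTargetApplication "
          "TargetServer.hostName=myhostname TargetApplication.name=myLDAP "
          "TargetApplication.type=ldap ")
SAMPLES = [
    PREFIX + '"Attribute.serverType=CA RACF" Attribute.port=389 Attribute.protocol=clear',
    PREFIX + "Attribute.serverType=CA RACF Attribute.port=636 Attribute.protocol=ssl",
    PREFIX + "Attribute.port=70000 Attribute.protocol=clear Attribute.ldapReadTimeout=500",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(lint_add_target_application(sample) or ["ok"])
```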

LDAP Target Account CLI Parameters

To add an LDAP target account that uses the target connector, use the addTargetAccount command and the following command parameters:
Attribute.useOtherAccountToChangePassword
This attribute specifies whether to use the target account or a different account to perform password change requests.
Required: Yes
Default Value: N/A
Valid Values: true, false

Attribute.otherAccount
This attribute specifies which other account to use to perform password change requests.
Required: Yes, if Attribute.useOtherAccountToChangePassword is true.
Default Value: N/A
Valid Values: A valid target account ID.

Attribute.userDN
The distinguished name of the user on the LDAP server.
Required: Yes
Default Value: N/A
Valid Values: String.

LDAP CLI Example

cmdName=addTargetApplication TargetServer.hostName=myhostname.mydomain.com TargetApplication.name=myLDAP TargetApplication.type=ldap Attribute.port=389 Attribute.protocol=clear
cmdName=addTargetAccount TargetServer.hostName=myhostname.mydomain.com TargetApplication.name=myLDAP TargetAccount.userName=admin TargetAccount.password=p@ssw0rd TargetAccount.cacheBehavior=useCacheFirst TargetAccount.cacheDuration=21 Attribute.userDN=admin Attribute.useOtherAccountToChangePassword=false