ldap-server
Use ldap-server to specify an LDAP server for a PKI domain.
Use undo ldap-server to restore the default.
Syntax
ldap-server host hostname [ port port-number ] [ vpn-instance vpn-instance-name ]
undo ldap-server
Default
No LDAP server is specified for a PKI domain.
Views
PKI domain view
Predefined user roles
network-admin
mdc-admin
Parameters
host hostname: Specifies an LDAP server by its IPv4 address, IPv6 address, or domain name. The domain name is a case-sensitive string of 1 to 255 characters.
port port-number: Specifies the port number of the LDAP server. The value range is 1 to 65535, and the default is 389.
vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If the LDAP server is on the public network, do not specify this option.
Usage guidelines
You must specify an LDAP server for a PKI domain in the following situations:
The certificate repository uses LDAP for certificate distribution.
The CRL repository uses LDAP for CRL distribution, but the CRL repository URL configured for the PKI domain does not contain the IP address or host name of the LDAP server.
You can specify only one LDAP server for a PKI domain. If you execute this command multiple times, the most recent configuration takes effect.
Examples
# Specify LDAP server 10.0.0.1 for PKI domain aaa.
<Sysname> system-view
[Sysname] pki domain aaa
[Sysname-pki-domain-aaa] ldap-server host 10.0.0.1
# Specify LDAP server 10.0.0.11 in VPN instance vpn1 for PKI domain aaa. Set the port number to 333.
<Sysname> system-view
[Sysname] pki domain aaa
[Sysname-pki-domain-aaa] ldap-server host 10.0.0.11 port 333 vpn-instance vpn1
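The following Python sketch is an added example, not vendor code. It audits a PKI domain's command list offline, applying the syntax, defaults, and "most recent configuration takes effect" rule above, and flags an LDAP CRL URL that names no host while no LDAP server is in effect. The function names and the sample CRL URLs used with it are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Grammar from the Syntax section; length limits from the Parameters section.
_CMD = re.compile(
    r"^ldap-server host (?P<host>\S{1,255})"
    r"(?: port (?P<port>\d{1,5}))?"
    r"(?: vpn-instance (?P<vpn>\S{1,31}))?$"
)

# Constructed sample: the two commands from the Examples section, in order.
SAMPLE = [
    "ldap-server host 10.0.0.1",
    "ldap-server host 10.0.0.11 port 333 vpn-instance vpn1",
]

def effective_ldap_server(lines):
    """Return the LDAP server in effect after a sequence of PKI domain view
    commands, or None (the default). The most recent command wins."""
    server = None
    for raw in lines:
        line = raw.strip()
        if line == "undo ldap-server":
            server = None          # restore the default: no server specified
            continue
        if not line.startswith("ldap-server"):
            continue               # some other PKI domain command
        m = _CMD.match(line)
        if not m:
            raise ValueError(f"malformed ldap-server command: {line!r}")
        port = int(m["port"] or 389)   # 389 is the documented default
        if not 1 <= port <= 65535:
            raise ValueError(f"port out of range: {port}")
        server = {"host": m["host"], "port": port, "vpn_instance": m["vpn"]}
    return server

def crl_url_needs_ldap_server(url):
    """True when an LDAP CRL URL carries no IP address or host name."""
    parts = urlsplit(url)
    return parts.scheme.lower() == "ldap" and not parts.hostname

def missing_ldap_server(lines, crl_url):
    """True when the CRL URL depends on ldap-server but none is in effect."""
    return crl_url_needs_ldap_server(crl_url) and effective_ldap_server(lines) is None
```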
Related commands
pki retrieve-certificate
pki retrieve-crl