HP MSR2000/3000/4000 Router Series Security Command Reference

Views
PKI domain view
Predefined user roles
network-admin
Parameters
host host-name: Specifies the host name of an LDAP server, a case-sensitive string of 1 to 255 characters.
It can be an IPv4 or IPv6 address or a domain name.
port port-number: Specifies the port number of an LDAP server, in the range of 1 to 65535. The default
setting is 389.
vpn-instance vpn-instance-name: Specifies the MPLS L3VPN to which the LDAP server belongs, where the
vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. If the LDAP server is on the
public network, do not specify this option.
Usage guidelines
You must specify the LDAP server in the following cases:
• The device obtains local certificates or peer certificates through the LDAP protocol.
• The device obtains CRLs through the LDAP protocol, but the specified URL of the CRL repository does not carry the host name.
In a PKI domain, you can specify only one LDAP server. If you configure this command multiple times, the
most recent configuration takes effect.
Examples
# Specify the IP address of the LDAP server as 10.0.0.1.
<Sysname> system-view
[Sysname] pki domain aaa
[Sysname-pki-domain-aaa] ldap-server host 10.0.0.1
# Specify the IP address of the LDAP server as 10.0.0.11 and the port number as 333 in the VPN instance vpn1.
<Sysname> system-view
[Sysname] pki domain aaa
[Sysname-pki-domain-aaa] ldap-server host 10.0.0.11 port 333 vpn-instance vpn1
Related commands
pki retrieve-certificate
pki retrieve-crl
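
The usage guidelines above, as an added example (not HP's code): a Python check to run over a change script before it is applied. It reports the LDAP server that ends up in effect for each PKI domain, flags values outside the documented ranges, and flags an LDAP CRL URL that carries no host name when no ldap-server is specified. The `crl url` command name and the sample script are assumptions; neither appears on this page.

```python
import re
from urllib.parse import urlsplit

# Constructed change script for illustration; not taken from the reference page.
SAMPLE = """\
pki domain aaa
 ldap-server host 10.0.0.1
 ldap-server host 10.0.0.11 port 333 vpn-instance vpn1
 crl url ldap:///CN=ca,O=example
pki domain bbb
 crl url ldap:///CN=ca,O=example
pki domain ccc
 ldap-server host ldap.example.test port 70000
"""

LDAP_RE = re.compile(r"ldap-server host (\S+)(?: port (\d+))?(?: vpn-instance (\S+))?$")

def audit(script):
    """Map each PKI domain to its effective LDAP server and a list of findings."""
    report, dom = {}, None
    for raw in script.splitlines():
        line = raw.strip()
        if line.startswith("pki domain "):
            dom = report.setdefault(line.split()[2],
                                    {"effective": None, "crl_urls": [], "findings": []})
        elif dom is None:
            continue
        elif line.startswith("ldap-server "):
            m = LDAP_RE.match(line)
            host, port, vpn = m.groups() if m else (None, None, None)
            port = int(port) if port else 389            # documented default port
            if not m or len(host) > 255 or not 1 <= port <= 65535 or len(vpn or "x") > 31:
                dom["findings"].append(f"out-of-range or malformed: {line}")
                continue
            if dom["effective"]:
                dom["findings"].append(f"replaces earlier server {dom['effective'][0]}")
            dom["effective"] = (host, port, vpn)          # most recent configuration wins
        elif line.startswith("crl url "):                 # assumed command name, not on this page
            dom["crl_urls"].append(line.split(None, 2)[2])
    for dom in report.values():
        for url in dom.pop("crl_urls"):
            parts = urlsplit(url)
            if parts.scheme == "ldap" and not parts.hostname and not dom["effective"]:
                dom["findings"].append(f"CRL URL has no host and no ldap-server is set: {url}")
    return report

if __name__ == "__main__":
    for name, result in audit(SAMPLE).items():
        print(name, result)
```
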
locality
Use locality to set the locality for a PKI entity.
Use undo locality to remove the configuration.
Syntax
locality locality-name
undo locality