Mellanox MLNX-OS® Command Reference Guide for SX1018HP Ethernet Managed Blade Switch

Rev 1.6.2
Mellanox Technologies
ldap ssl

ldap ssl {ca-list <options> | cert-verify | mode <mode> | port <port-number>}
no ldap ssl {cert-verify | mode | port}

Sets SSL parameters for LDAP.
The no form of the command resets the attribute to its default value.

Syntax Description

options
  This command specifies the list of supplemental certificates of authority (CAs) from the certificate configuration database that is to be used by LDAP for authentication of servers when in TLS or SSL mode.
  The options are:
  - default-ca-list - uses default supplemental CA certificate list
  - none - no supplemental list, uses the built-in one only
  CA certificates are ignored if “ldap ssl mode” is not configured as either “tls” or “ssl”, or if “no ldap ssl cert-verify” is configured.
  The default-ca-list is empty in the factory default configuration. Use the command: “crypto certificate ca-list default-ca-list name” to add trusted certificates to that list.
  The “default-ca-list” option requires LDAP to consult the system’s configured global default CA-list for supplemental certificates.

cert-verify
  Enables verification of SSL/TLS server certificates. This may be required if the server's certificate is self-signed, or does not match the name of the server.

mode
  Sets the security mode for connections to the LDAP server.
  - none - requests no encryption for the LDAP connection
  - ssl - the SSL-port configuration is used, an SSL connection is made before LDAP requests are sent (LDAP over SSL)
  - tls - the normal LDAP port is used, an LDAP connection is initiated, and then TLS is started on this existing connection

port-number
  Sets the port on the LDAP server to connect to for authentication when the SSL security mode is enabled (LDAP over SSL).

Default
  cert-verify is enabled
  mode is none (LDAP SSL is not activated)
  port-number is 636

Modes/Context
  Config
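
The defaults and the conditions under which the CA list is ignored can be checked offline against a saved configuration. The Python audit below is an added example, not Mellanox code; it assumes the configuration is available as a list of command lines in the syntax shown on this page, treats "no ldap ssl cert-verify" as disabling verification (as the ca-list note implies), and uses constructed sample configurations with a made-up certificate name.

```python
# Added example (not Mellanox code). Assumes the config is a list of command lines.
DEFAULTS = {"mode": "none", "cert-verify": True, "port": 636}  # defaults from the page
CA_ADD = "crypto certificate ca-list default-ca-list name"

def effective_ldap_ssl(lines):
    """Replay the commands in order and return the resulting LDAP SSL state."""
    state = {**DEFAULTS, "ca-list": None, "ca-entries": 0}
    for raw in lines:
        line = " ".join(raw.split())
        if line.startswith(CA_ADD + " "):
            state["ca-entries"] += 1           # a certificate was added to the list
            continue
        words = line.split()
        negate = words[:1] == ["no"]
        words = words[1:] if negate else words
        if words[:2] != ["ldap", "ssl"] or len(words) < 3:
            continue
        attr, args = words[2], words[3:]
        if attr == "cert-verify":
            state["cert-verify"] = not negate  # "no ldap ssl cert-verify" disables it
        elif attr in ("mode", "port") and negate:
            state[attr] = DEFAULTS[attr]       # the no form resets to the default
        elif attr == "mode" and args and args[0] in ("none", "ssl", "tls"):
            state["mode"] = args[0]
        elif attr == "port" and args and args[0].isdigit():
            state["port"] = int(args[0])
        elif attr == "ca-list" and args and not negate:
            state["ca-list"] = args[0]
    return state

def audit(lines):
    """Return findings based on the rules stated in the ldap ssl reference."""
    s, findings = effective_ldap_ssl(lines), []
    encrypted = s["mode"] in ("ssl", "tls")
    if not encrypted:
        findings.append("mode none: no encryption requested for the LDAP connection")
    elif not s["cert-verify"]:
        findings.append("cert-verify disabled: server certificate is not verified")
    if s["ca-list"] == "default-ca-list":
        if not (encrypted and s["cert-verify"]):
            findings.append("ca-list ignored: needs mode ssl/tls and cert-verify")
        elif s["ca-entries"] == 0:
            findings.append("default-ca-list has no entries in this configuration")
    return findings

# Constructed sample configurations; the certificate name is made up.
WEAK = ["ldap ssl mode tls", "no ldap ssl cert-verify", "ldap ssl ca-list default-ca-list"]
GOOD = [CA_ADD + " example-root-ca", "ldap ssl mode tls", "ldap ssl ca-list default-ca-list"]

if __name__ == "__main__":
    print("WEAK:", audit(WEAK), "GOOD:", audit(GOOD))
```

An empty configuration is also reported, because the factory default mode is none.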