Specifications
Setting the search bind Distinguished Name (DN) 
The Set LDAP BindDN command is used to set the fully-qualified distinguished name (FQDN) for user 
accounts to bind with. This is required for directory services that do not support anonymous binds. 
This field is used ONLY with Simple Binds. 
Maximum string length is 124 characters. 
NOTE: If left blank, an anonymous bind will be attempted.
To set the search bind DN: 
At the Sentry: prompt, type set ldap binddn, and press Enter. At the following prompt, type the 
FQDN and press Enter. 
Example 
The following sets the FQDN for MSAD to ‘cn=guest,cn=Users,dc=servertech,dc=com’: 
Sentry: set ldap binddn<Enter> 
Enter Search Bind DN (Max characters 124): 
cn=guest,cn=Users,dc=servertech,dc=com<Enter> 
Setting the search bind Distinguished Name (DN) password 
The Set LDAP BindPW command is used to set the password for the user account specified in the 
Search Bind DN. 
Maximum password size is 20 characters. 
To set the search bind DN password:
At the Sentry: prompt, type set ldap bindpw and press Enter. At the following prompt, type the bind 
password and press Enter. 
Setting the group membership attribute
The Set LDAP GroupAttr command is used to specify the name of the user class attribute that lists the
distinguished names (DNs), or names, of the groups that a user is a member of. Maximum string length is 30
characters.
To set Group Membership Attribute: 
At the Sentry: prompt, type set ldap groupattr and press Enter. At the following prompt, type the
group membership attribute and press Enter. 
Example 
The following sets the group membership attribute for MSAD to ‘memberof’: 
Sentry: set ldap groupattr<Enter> 
Enter Group Member Attr (Max character 30): 
memberof<Enter> 
Setting the group membership value type
The Set LDAP GroupType command is used to specify whether the values of Group Membership 
Attribute represent the Distinguished Name (DN) of a group or just the name of the group. 
To set group membership value type: 
At the Sentry: prompt, type set ldap grouptype followed by DN or Name and press Enter. 
Example 
The following sets the group membership value type to DN:
Sentry: set ldap grouptype DN<Enter> 
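The following pre-flight check is an added example, not part of the manual or of the Sentry firmware. It tests planned values against the length limits stated above, flags a blank bind DN (which results in an anonymous bind), and suggests DN or Name for grouptype from sample values of the group membership attribute. The function names, the simplified DN pattern and the sample values are assumptions made for illustration.

```python
import re

# Length limits as stated in the manual text above.
MAX_BINDDN, MAX_BINDPW, MAX_GROUPATTR = 124, 20, 30

# One RDN: attribute type, '=', value (backslash escapes allowed).
# Simplified from RFC 4514: OID attribute types and '\\,' sequences are not handled.
_RDN = re.compile(r"^[A-Za-z][A-Za-z0-9-]*=(?:\\.|[^,\\])+$")


def split_dn(value):
    """Split on unescaped commas; return the RDN list, or None if not DN-shaped."""
    parts = [p.strip() for p in re.split(r"(?<!\\),", value)]
    return parts if all(_RDN.match(p) for p in parts) else None


def suggest_grouptype(sample_values):
    """Return 'DN' or 'Name' for values read from the group membership attribute."""
    shapes = {"DN" if split_dn(v) else "Name" for v in sample_values}
    if len(shapes) != 1:
        raise ValueError("empty or mixed DN/name values; inspect the directory first")
    return shapes.pop()


def check_settings(binddn, bindpw, groupattr):
    """Return a list of problems with the planned values; an empty list means they fit."""
    problems = []
    if binddn == "":
        problems.append("bind DN blank: an anonymous bind will be attempted")
    elif len(binddn) > MAX_BINDDN:
        problems.append(f"bind DN is {len(binddn)} characters, limit is {MAX_BINDDN}")
    elif split_dn(binddn) is None:
        problems.append("bind DN is not a well-formed distinguished name")
    if len(bindpw) > MAX_BINDPW:
        problems.append(f"bind password is {len(bindpw)} characters, limit is {MAX_BINDPW}")
    if not 0 < len(groupattr) <= MAX_GROUPATTR:
        problems.append(f"group attribute must be 1 to {MAX_GROUPATTR} characters")
    return problems


if __name__ == "__main__":
    # The bind DN is the manual's example; the password and group value are constructed.
    print(check_settings("cn=guest,cn=Users,dc=servertech,dc=com", "example-pw", "memberof"))
    print(suggest_grouptype(["cn=PDU-Admins,cn=Users,dc=servertech,dc=com"]))
```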
56 • Advanced Operations  Sentry PT22   
    Installation and Operations Manual 










