Setting the search bind Distinguished Name (DN)
The Set LDAP BindDN command is used to set the fully-qualified distinguished name (FQDN) for user
accounts to bind with. This is required for directory services that do not support anonymous binds.
This field is used ONLY with Simple Binds.
Maximum string length is 124 characters.
NOTE: If left blank, then an anonymous bind will be attempted.
To set the search bind DN:
At the Sentry: prompt, type set ldap binddn, and press Enter. At the following prompt, type the
FQDN and press Enter.
Example
The following sets the FQDN for MSAD to ‘cn=guest,cn=Users,dc=servertech,dc=com’:
Sentry: set ldap binddn<Enter>
Enter Search Bind DN (Max characters 124):
cn=guest,cn=Users,dc=servertech,dc=com<Enter>
Setting the search bind Distinguished Name (DN) password
The Set LDAP BindPW command is used to set the password for the user account specified in the
Search Bind DN.
Maximum password size is 20 characters.
To set the search bind DN password:
At the Sentry: prompt, type set ldap bindpw and press Enter. At the following prompt, type the bind
password and press Enter.
Setting the group membership attribute
The Set LDAP GroupAttr command is used to specify the name of the user class attribute that lists the
distinguished names (DN), or names, of the groups that a user is a member of. Maximum string length is 30
characters.
To set Group Membership Attribute:
At the Sentry: prompt, type set ldap groupattr and press Enter. At the following prompt, type the
group membership attribute and press Enter.
Example
The following sets the group membership attribute for MSAD to ‘memberof’:
Sentry: set ldap groupattr<Enter>
Enter Group Member Attr (Max character 30):
memberof<Enter>
Setting the group membership value type
The Set LDAP GroupType command is used to specify whether the values of Group Membership
Attribute represent the Distinguished Name (DN) of a group or just the name of the group.
To set group membership value type:
At the Sentry: prompt, type set ldap grouptype followed by DN or Name and press Enter.
Example
The following sets the group membership value type to DN:
Sentry: set ldap grouptype DN<Enter>
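The following check is an added example, not part of the Sentry manual or firmware: a Python script to run before typing the values in, applying the length limits stated above and checking that sample group attribute values match the chosen grouptype. The function names and the PowerAdmins group are hypothetical, and the DN test is a syntactic approximation, not the device's own parser.

```python
import re

# Limits are the maximums stated in the manual text above.
MAX_BINDDN, MAX_BINDPW, MAX_GROUPATTR = 124, 20, 30
RDN_RE = re.compile(r"^[A-Za-z][A-Za-z0-9-]*=.+$", re.S)  # attr=value
# Constructed sample value (hypothetical group, not from a real directory).
SAMPLE_GROUPS = ["cn=PowerAdmins,cn=Users,dc=servertech,dc=com"]

def split_dn(dn):
    """Split a DN into RDNs on unescaped commas (backslash escapes kept)."""
    parts, cur, i = [], "", 0
    while i < len(dn):
        # A backslash escapes the next character, e.g. "\," inside a name.
        step = 2 if dn[i] == "\\" and i + 1 < len(dn) else 1
        if step == 1 and dn[i] == ",":
            parts.append(cur.strip())
            cur = ""
        else:
            cur += dn[i:i + step]
        i += step
    parts.append(cur.strip())
    return parts

def looks_like_dn(value):
    """True if every component of the value has the attr=value form."""
    return all(RDN_RE.match(rdn) for rdn in split_dn(value))

def check_settings(binddn, bindpw, groupattr, grouptype, sample_values):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    gtype = grouptype.upper()
    if binddn == "":
        findings.append("binddn blank: an anonymous bind will be attempted")
    elif len(binddn) > MAX_BINDDN:
        findings.append("binddn longer than 124 characters")
    elif not looks_like_dn(binddn):
        findings.append("binddn is not a well-formed DN")
    if len(bindpw) > MAX_BINDPW:
        findings.append("bindpw longer than 20 characters")
    if not groupattr or len(groupattr) > MAX_GROUPATTR:
        findings.append("groupattr empty or longer than 30 characters")
    if gtype not in ("DN", "NAME"):
        findings.append("grouptype must be DN or Name")
    for v in sample_values:
        # A DN-typed attribute must hold DNs; a Name-typed one must not.
        if gtype in ("DN", "NAME") and looks_like_dn(v) != (gtype == "DN"):
            findings.append(f"value does not match grouptype {grouptype}: {v}")
    return findings
```

Pass sample_values copied from one user's group membership attribute in the directory; a mismatch finding means grouptype is set to the wrong value for that directory.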
56 • Advanced Operations Sentry PT22
Installation and Operations Manual