The pki ldap command configures the downloading of the CA certificate, local certificate, or CRL through LDAP.

Parameter | Description | Value |
---|---|---|
vpn-instance vpn-instance-name | Specifies the VPN instance to which the CA LDAP server belongs. | The value is a string of 1 to 31 case-sensitive characters. It cannot contain spaces. The VPN instance name cannot be _public_. If the character string is quoted by double quotation marks, the character string can contain spaces. |
source source-ip-address | Specifies the local address that is used to download the CA certificate, local certificate, or CRL. | The value is an IPv4 address in dotted decimal notation. |
port port | Specifies the port of the LDAP server. | The value is an integer ranging from 1 to 65535. The default value is 389. |
version version | Specifies the version number of LDAP. | The value is 2 or 3. The default value is 3. |
attribute attr-value | Specifies the attribute value that the device uses when obtaining the certificate from the LDAP server. | The value is a string of 1 to 63 case-sensitive characters. |
authentication ldap-dn | Specifies the username of the LDAP server. | The value is a string of 1 to 31 case-sensitive characters. |
authentication ldap-password | Specifies the password of the LDAP server. | The value is a string of 1 to 31 case-sensitive characters. |
save-name | Specifies the name of a CA certificate, local certificate, or CRL. | The value is a string of 5 to 63 case-insensitive characters. |
dn dn-value | Specifies the DN that the device uses when obtaining the CRL from the LDAP server. | The value is a string of 1 to 255 case-sensitive characters in text format, spaces supported. |
ip ldap-ip-address | Specifies the IP address of the LDAP server. | The value is an IPv4 address in dotted decimal notation. |

Usage Scenario
Note the following when the device downloads the CA certificate, local certificate, or CRL through LDAP: