ap_external_ldap command

The ap_external_ldap command integrates Cloud Pak for Data System with an external LDAP or Windows Active Directory.

Usage

ap_external_ldap [-h] {enable,usermod,disable,status}

enable: Enables the specified external LDAP server for authentication. See ap_external_ldap enable.
usermod: Adds users from external LDAP/AD to a specified platform users group: ibmapadmins or ibmapusers. See ap_external_ldap usermod.
disable: Disables the external LDAP/AD authentication.
status: Displays the status of authentication: local or external LDAP/AD.
help: Optional. Displays help for the command.


ap_external_ldap enable [-h] [-t {ad,openldap}][-s SERVER][-p {389,636}] [-b SEARCHBASEDN][-d SEARCHUSERDN][-w USERPASSWORD][-f {yes,no}]

Enables external LDAP/Windows AD operation options.

-h, --help: Optional. Shows command help.
-s server, --server server: External LDAP/AD Server hostname/IP where users are managed.
-t {ad|openldap}, --ldaptype {ad|openldap}: Specifies the LDAP/AD type, ad for Active Directory server type.
-p {389,636}, --port {389,636}: Specifies the external LDAP/AP port.
-b searchbasedn, --search_base_dn searchbasedn: Specifies the point in the LDAP tree from which you can search users and groups.
-d searchuserdn, --search_user_dn searchuserdn: Specifies a user who has access to search the base DN. Such user can perform look ups in the LDAP server.
-w userpassword, --search_user_password userpassword: Plain text password of the search_user_dn.
-f {yes|no}, --force {yes|no}: Optional. Forces the enable option without user prompts.

ap_external_ldap usermod [-h][-u USERNAME][-g {2001,2002}]

-h, --help: Optional. Displays help for the command.
-u username, --user username: Username from external LDAP or Active Directory server to be added to the platform group.
-g {2001,2002}, --groupid {2001,2002}: Specifies platform group id: 2001 for ibmapdmins, 2002 for ibmapusers.