Citrix Systems 4.2 Switch User Manual


 
Example LDAP Configuration Commands
23
6. Click OK.
4.2.1.2. Removing an LDAP Configuration
1. Log in to the CloudPlatform.
2. From the left navigational bar, click Global Settings.
3. From the Select view drop down, select LDAP Configuration.
4. In the Quick View, click Remove LDAP.
Alternatively, you can click Remove LDAP in the LDAP Configuration Details page.
4.2.2. Example LDAP Configuration Commands
To understand the examples in this section, you need to know the basic concepts behind calling the
CloudPlatform API, which are explained in the Developer’s Guide.
The following shows an example invocation of ldapConfig with an ApacheDS LDAP server
http://127.0.0.1:8080/client/api?command=ldapConfig&hostname=127.0.0.1&searchbase=ou
%3Dtesting%2Co%3Dproject&queryfilter=%28%26%28uid%3D%25u%29%29&binddn=cn%3DJohn+Singh%2Cou
%3Dtesting%2Co%project&bindpass=secret&port=10389&ssl=true&truststore=C%3A%2Fcompany%2Finfo
%2Ftrusted.ks&truststorepass=secret&response=json&apiKey=YourAPIKey&signature=YourSignatureHash
The command must be URL-encoded. Here is the same example without the URL encoding:
http://127.0.0.1:8080/client/api?command=ldapConfig
&hostname=127.0.0.1
&searchbase=ou=testing,o=project
&queryfilter=(&(%uid=%u))
&binddn=cn=John+Singh,ou=testing,o=project
&bindpass=secret
&port=10389
&ssl=true
&truststore=C:/company/info/trusted.ks
&truststorepass=secret
&response=json
&apiKey=YourAPIKey&signature=YourSignatureHash
The following shows a similar command for Active Directory. Here, the search base is the testing
group within a company, and the users are matched up based on email address.
http://127.127.0.0:8080/client/api?command=ldapConfig&hostname=127.147.28.250&searchbase=OU
%3Dtesting%2CDC%3Dcompany&queryfilter=%28%26%28mail%3D
%25e%29%29 &binddn=CN%3DAdministrator%2COU%3Dtesting%2CDC
%3Dcompany&bindpass=1111_aaaa&port=389&response=json&apiKey=YourAPIKey&signature=YourSignatureHash
The next few sections explain some of the concepts you will need to know when filling out the
ldapConfig parameters.
4.2.3. Search Base
An LDAP query is relative to a given node of the LDAP directory tree, called the search base. The
search base is the distinguished name (DN) of a level of the directory tree below which all users can
be found. The users can be in the immediate base directory or in some subdirectory. The search base
may be equivalent to the organization, group, or domain name. The syntax for writing a DN varies