Crllookup - Cisco Nexus 7000 Series Command Reference Manual

CRLLookup

CRLLookup
To configure the attribute name, search filter, and base-DN for the certificate revocation list (CRL) search
operation in order to send a search query to the Lightweight Directory Access Protocol (LDAP) server, use
the CRLLookup command. To disable this configuration, use the no form of this command.
CRLLookup attribute-name attribute-name search-filter filter base-DN base-DN-name
no CRLLookup
Syntax Description
attribute-name attribute-name
search-filter filter
base-DN base-DN-name
Command Default
None
Command Modes
Lightweight Directory Access Protocol (LDAP) search map configuration
Command History
Release
5.0(2)
Usage Guidelines
To use this command, you must enable LDAP.
This command does not require a license.
Examples This example shows how to configure the attribute name, search filter, and base-DN for the CRL search
operation in order to send a search query to the LDAP server:
switch# conf t
switch(config)# ldap search-map s0
switch(config-ldap-search-map)# CRLLookup attribute-name certificateRevocationList
search-filter (&(objectClass=cRLDistributionPoint)) base-DN CN=CDP,CN=Public Key
Services,CN=Services,CN=Configuration,DC=mdsldaptestlab,DC=com
switch(config-ldap-search-map)#
Cisco Nexus 7000 Series Security Command Reference
106
Specifies the attribute name of the LDAP search map.
The name is alphanumeric, case sensitive, and has a
maximum of 128 characters.
Specifies the filter for the LDAP search map. The
name is alphanumeric, case sensitive, and has a
maximum of 128 characters.
Specifies the base-designated name for the LDAP
search map. The name is alphanumeric, case sensitive,
and has a maximum of 128 characters.
Modification
This command was introduced.
C Commands