Aruba Networks PowerConnect W Clearpass 100 Software Deployment Manual page 420

Table 54 LDAP Module Settings (Continued)
Setting
ldap.password_attribute = "nspmPassword"
ldap.password_header = "{clear}"
ldap.net_timeout = 1
ldap.timeout = 4
ldap.timelimit = 3
ldap.ldap_debug = 0
ldap.identity = not set
ldap.password = not set
ldap.basedn
ldap.filter
ldap.base_filter = not set
ldap.start_tls = no
ldap.tls_mode = no
ldap.tls_cacertfile = not set
ldap.tls_cacertdir = not set
420 | Reference
Description
To support Novell eDirectory Universal Password, this option must
be set to "nspmPassword". Retrieves the user's plain-text
password from the directory and uses in the RADIUS server for
user authentication. Universal Password requires a secure
connection to the LDAP server.
Required for Novell eDirectory support. When defining this
attribute for an individual Novell eDirectory LDAP server, remove
the "ldap." prefix from the attribute name.
To extract the user's plain-text password via Novell Universal
Password, this value must be set to "{clear}". The value for this
attribute must be lowercase. Universal Password requires a secure
connection to the LDAP server.
Required for Novell eDirectory support. When defining this
attribute for an individual Novell eDirectory LDAP server, remove
the "ldap." prefix from the attribute name.
Number of seconds to wait for a response from the LDAP server
(network failures).
Number of seconds to wait for the LDAP query to finish.
Number of seconds the LDAP server has to process the query
(server-side time limit).
Debug flags for LDAP SDK (see OpenLDAP documentation)
Example: (LDAP_DEBUG_FILTER + LDAP_DEBUG_CONNS)
ldap.ldap_debug = 0x0028
The DN under which LDAP searches are done.
Password which authenticates the identity DN. If not set, the
default is to perform an anonymous bind, with no password
required. NOTE: this implies that searches will be done over an
unencrypted connection!
ldap.filter= "o=My Org,c=UA"
Base of LDAP searches.
ldap.filter = "uid=%{Stripped-User-Name:-%{User-Name}}"
The LDAP search filter, to locate user object using the name
supplied by client during the RADIUS authentication process.
The LDAP search filter used for base scope searches, like when
searching for the default or regular profiles.
When set to "yes", the StartTLS extended operation is used to
enable TLS transport encryption.
When set to "yes", or if the server port is 636, we try to connect
with TLS. Start TLS should be preferred; 'tls_mode' is provided
only for LDAP servers like Active Directory which do not support it.
A PEM-encoded file that contains the CA Certificates that you
trust.
Path to a directory of CA Certificates that you trust, the directory
must be in "hash format" (see: openssl verify).
Amigopod 3.7 | Deployment Guide