405
Usage guidelines
Use this command to assign an IP address to a PKI entity or specify an interface for the entity. The
interface's primary IPv4 address will be used as the IP address of the PKI entity. If you specify an
interface, make sure the interface is assigned an IP address before the PKI entity requests a
certificate.
Examples
# Assign IP address
192.168.0.2
to PKI entity
en
.
<Sysname> system-view
[Sysname] pki entity en
[Sysname-pki-entity-en] ip 192.168.0.2
ldap-server
Use
ldap-server
to specify an LDAP server for a PKI domain.
Use
undo ldap-server
to restore the default.
Syntax
ldap-server host
hostname
[
port
port-number
] [
vpn-instance
vpn-instance-name
]
undo ldap-server
Default
No LDAP server is specified for a PKI domain.
Views
PKI domain view
Predefined user roles
network-admin
mdc-admin
Parameters
host hostname
: Specifies an LDAP server by its IPv4 address, IPv6 address, or domain name. The
domain name is a case-sensitive string of 1 to 255 characters.
port
port-number
: Specifies the port number of the LDAP server. The value range is 1 to 65535, and
the default is 389.
vpn-instance vpn-instance-name
: Specifies an MPLS L3VPN instance by its name, a
case-sensitive string of 1 to 31 characters. If the LDAP server is on the public network, do not specify
this option.
Usage guidelines
You must specify an LDAP server for a PKI domain in the following situations:
•
The certificate repository uses LDAP for certificate distribution.
•
The CRL repository uses LDAP for CRL distribution. However, the CRL repository URL
configured for the PKI domain does not contain the IP address or host name of the LDAP
server.
You can specify only one LDAP server for a PKI domain. If you execute this command multiple times,
the most recent configuration takes effect.
Examples
# Specify LDAP server
10.0.0.1
for PKI domain
aaa
.
<Sysname> system-view