Associating PCF with LDAP

This section describes how to associate PCF with LDAP.

When you configure the PCF environment to interact with a defined LDAP server, PCF must connect to that server using a trusted authentication method. This method is known as binding. PCF uses the binding information when making LDAP queries to retrieve the required subscriber information from the LDAP server.

To associate PCF with LDAP, use the following configuration:
config 
 product pcf 
     ldap replicas replica_count 
     ldap server-set server_set 
        search-user dn cn=username,dc=C ntdb 
        search-user password 
        health-check interval-ms interval 
        initial-connections connection_count 
        max-connections maximum_connections 
        retry-count retry_count 
        retry-timer-ms retry_time 
        max-failover-connection-age-ms maximum_failover 
        binds-per-second binds 
        number-consecutive-timeout-for-bad-connection consecutive_timeout 
        connection ip_address 
          priority priority 
          connection-rule connection_type 
          auto-reconnect [ true | false ] 
          timeout-ms timeout  
          bind-timeout-ms bind_timeout 
          end 

NOTES:

  • product pcf – Enters the PCF configuration mode.

  • ldap replicas replica_count – Specifies the LDAP replica count. Depending on the count, the LDAP pods are created.

  • ldap server-set server_set – Specifies the LDAP server set details.

  • search-user dn cn=username,dc=C ntdb – Specifies the domain details.

  • search-user password – Indicates the password.

  • health-check interval-ms interval – Specifies the interval at which the health check should be initiated.

  • initial-connections connection_count – Specifies the number of connections that can be attempted initially.

  • max-connections maximum_connections – Specifies the maximum number of connections at any point of time.

  • retry-count retry_count – Specifies the number of retries that the PCF Engine must attempt on a timeout.

  • retry-timer-ms retry_time – Specifies the interval after which the PCF Engine must reattempt.

  • max-failover-connection-age-ms maximum_failover – Specifies the maximum number of connection failures after which failover must happen.

  • binds-per-second binds – Specifies the interval in seconds for the bind operation.

  • number-consecutive-timeout-for-bad-connection consecutive_timeout – Specifies the number of bad connections after which the timeout occurs.

  • connection ip_address – Indicates the IP address of the LDAP server that attempts the connection.

  • priority priority – Indicates the priority of the connection.

  • connection-rule connection_type – Specifies the connection type. The default rules are "Fastest" or "Round Robin".

  • auto-reconnect [ true | false ] – Specifies whether the auto-reconnect capability is enabled or disabled.

  • timeout-ms timeout – Indicates the period between the LDAP client or endpoint when the timeout must happen.

  • bind-timeout-ms bind_timeout – Specifies the bind timeout.
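
The bind that PCF performs with the search-user dn and search-user password values, shown at the wire level as an added example (not Cisco's code and not part of the original page). It assumes an LDAPv3 simple bind as defined in RFC 4511; the function names are hypothetical, and the DN and password are constructed sample values.

```python
# Added example: RFC 4511 simple BindRequest, standard library only.
def _tlv(tag: int, value: bytes) -> bytes:
    """BER tag-length-value, definite length (short or long form)."""
    n = len(value)
    if n < 0x80:
        return bytes([tag, n]) + value
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(raw)]) + raw + value

def simple_bind_request(message_id: int, dn: str, password: str) -> bytes:
    """Encode LDAPMessage { messageID, BindRequest { 3, dn, simple } }."""
    if not password:
        # RFC 4513 5.1.2: a DN with an empty password is an unauthenticated
        # bind that many servers accept, hiding a missing credential.
        raise ValueError("empty password: refusing unauthenticated bind")
    mid = message_id.to_bytes(message_id.bit_length() // 8 + 1, "big")
    bind = (_tlv(0x02, b"\x03")                 # version 3
            + _tlv(0x04, dn.encode())           # name: the search-user DN
            + _tlv(0x80, password.encode()))    # simple [0]: password octets
    return _tlv(0x30, _tlv(0x02, mid) + _tlv(0x60, bind))

def _read(buf: bytes, pos: int):
    """Return (tag, value, next_pos) for the element starting at pos."""
    tag, n = buf[pos], buf[pos + 1]
    pos += 2
    if n & 0x80:                                # long-form length
        k = n & 0x7F
        n, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, buf[pos:pos + n], pos + n

def parse_simple_bind(pdu: bytes):
    """Return (message_id, dn, password) exactly as carried in the PDU."""
    _, msg, _ = _read(pdu, 0)
    _, mid, p = _read(msg, 0)
    op, bind, _ = _read(msg, p)
    if op != 0x60:
        raise ValueError("not a BindRequest")
    _, _, p = _read(bind, 0)                    # skip version
    _, dn, p = _read(bind, p)
    auth, secret, _ = _read(bind, p)
    if auth != 0x80:
        raise ValueError("not simple authentication")
    return int.from_bytes(mid, "big"), dn.decode(), secret.decode()

if __name__ == "__main__":
    # Constructed sample values, not taken from any real deployment.
    pdu = simple_bind_request(1, "cn=pcf-search,dc=example,dc=com", "Constructed-Pw1")
    print(pdu.hex(), parse_simple_bind(pdu))
```

In a simple bind the password travels as a plain octet string inside the BindRequest, so the network path between PCF and the LDAP server carries the credential itself and should be protected accordingly.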