Alcatel-Lucent OmniSwitch 6860 Series

Managing Authentication Servers LDAP Servers
OmniSwitch AOS Release 8 Network Configuration Guide December 2017 page 31-25
Each switch that is connected to the LDAP-enabled directory server has a DN starting with bop-basemac-xxxxx, ou=bop-logging. If the organizational unit ou=bop.logging exists somewhere in the tree under searchbase, logging records are written on the server. See the documentation of the server manufacturer for more information about setting up the server.
The bop-loggedusers attribute is a formatted string with the following syntax:
loggingMode : accessType ipAddress port macAddress vlanList userName
The fields are defined here:

| Field | Possible Values |
|---|---|
| loggingMode | ASA x—for an authenticated user session, where x is the number of the session |
| | AVLAN—for Authenticated VLAN session in single authority mode |
| | AVLAN y—for Authenticated VLAN session in multiple authority mode, where y is the relevant VLAN |
| accessType | Any one of the following: CONSOLE, MODEM, TELNET, HTTP, FTP, XCAP |
| ipAddress | The string IP followed by the IP address of the user. |
| port | (For Authenticated VLAN users only.) The string PORT followed by the slot/port number. |
| macAddress | (For Authenticated VLAN users only.) The string MAC followed by the MAC address of the user. |
| vlanList | (For Authenticated VLAN users only.) The string VLAN followed by the list of VLANs the user is authorized (for single-mode authority). |
| userName | The login name of the user. |

For example:
“ASA 0 : CONSOLE IP 65.97.233.108 Jones”
Configuring the LDAP Authentication Client
Use the aaa ldap-server command to configure LDAP authentication parameters on the switch. The server name, host name or IP address, distinguished name, password, and the search base name are required for setting up the server. Optionally, a backup host name or IP address can be configured, as well as the number of retransmit tries, the timeout for authentication requests, and whether or not Secure Socket Layer (SSL) is enabled between the switch and the server.
Note. The server must be configured with the appropriate schema before the aaa ldap-server command is
configured.
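Returning to the bop-loggedusers format described earlier on this page: the following is an added example, not code from the manual or from Alcatel-Lucent, of parsing and validating those logging records before they are ingested into a log pipeline. The tokenization rules, the function name parse_logged_user and the second sample record are assumptions made for illustration.

```python
import ipaddress
import re

ACCESS_TYPES = {"CONSOLE", "MODEM", "TELNET", "HTTP", "FTP", "XCAP"}
AVLAN_ONLY = ("port", "mac", "vlans")

# Assumptions (not stated on the page): tokens are whitespace-separated,
# the PORT, MAC and VLAN values are single tokens, and the user name is
# the last token of the record.
RECORD = re.compile(
    r"^(?P<mode>ASA|AVLAN)(?:\s+(?P<mode_arg>\d+))?\s*:\s*"
    r"(?P<access>\S+)\s+IP\s+(?P<ip>\S+)"
    r"(?:\s+PORT\s+(?P<port>\S+))?"
    r"(?:\s+MAC\s+(?P<mac>\S+))?"
    r"(?:\s+VLAN\s+(?P<vlans>\S+))?"
    r"\s+(?P<user>\S+)$"
)


def parse_logged_user(value):
    """Parse one bop-loggedusers string into a dict; raise ValueError if malformed."""
    m = RECORD.match(value.strip())
    if m is None:
        raise ValueError(f"not a bop-loggedusers record: {value!r}")
    rec = m.groupdict()
    if rec["access"] not in ACCESS_TYPES:
        raise ValueError(f"unknown accessType: {rec['access']!r}")
    if rec["mode"] == "ASA":
        if rec["mode_arg"] is None:
            raise ValueError("ASA record without a session number")
        if any(rec[k] for k in AVLAN_ONLY):
            raise ValueError("PORT/MAC/VLAN are only valid for AVLAN records")
    # ipaddress raises ValueError for anything that is not a valid address.
    rec["ip"] = str(ipaddress.ip_address(rec["ip"]))
    return rec


# First record is the page's example; the second is constructed for illustration.
SAMPLES = [
    "ASA 0 : CONSOLE IP 65.97.233.108 Jones",
    "AVLAN 20 : TELNET IP 10.1.2.3 PORT 1/5 MAC 00:11:22:33:44:55 VLAN 20 alice",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(parse_logged_user(line))
```

Records that fail validation raise ValueError, so a collector can quarantine them instead of forwarding attacker-influenced strings such as the user name into downstream tooling unparsed.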
