
Cisco 2100 Series Configuration Guide

5-37
Cisco Wireless LAN Controller Configuration Guide
OL-17037-01
Chapter 5 Configuring Security Solutions
Configuring LDAP
config ldap simple-bind {anonymous index | authenticated index username username password password}—Specifies the local authentication bind method for the LDAP server. The anonymous method allows anonymous access to the LDAP server whereas the authenticated method requires that a username and password be entered to secure access. The default value is anonymous.
Note: The username can contain up to 80 characters.
Note: If the username starts with “cn=” (in lowercase letters), the controller assumes that the username includes the entire LDAP database path and therefore does not append the user base DN. This designation allows the authenticated bind user to be outside the user base DN.
config ldap retransmit-timeout index timeout—Configures the number of seconds between retransmissions for an LDAP server.
2. Use this command to specify LDAP as the priority backend database server:
config local-auth user-credentials ldap
Note: If you enter config local-auth user-credentials ldap local, local EAP attempts to authenticate clients using the LDAP backend database and fails over to the local user database if the LDAP servers are not reachable. If the user is not found, the authentication attempt is rejected. If you enter config local-auth user-credentials local ldap, local EAP attempts to authenticate using only the local user database. It does not fail over to the LDAP backend database.
3. (Optional) Use these commands if you wish to assign specific LDAP servers to a WLAN:
config wlan ldap add wlan_id server_index—Links a configured LDAP server to a WLAN.
Note: The LDAP servers specified in this command apply only to WLANs with web authentication enabled. They are not used by local EAP.
config wlan ldap delete wlan_id {all | index}—Deletes a specific or all configured LDAP server(s) from a WLAN.
4. Use these commands to view information pertaining to configured LDAP servers:
show ldap summary—Shows a summary of the configured LDAP servers.
show ldap index—Shows detailed LDAP server information.
show ldap statistics—Shows LDAP server statistics.
show wlan wlan_id—Shows the LDAP servers that are applied to a WLAN.
For example, information similar to the following appears for the show ldap index command:
Server Index..................................... 2
Address.......................................... 10.10.20.22
Port............................................. 389
Enabled.......................................... Yes
User DN.......................................... ou=active,ou=employees,ou=people,
o=cisco.com
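
As an added example (not part of the Cisco guide), this Python script audits commands written in the syntax documented above for the settings the notes call out: anonymous bind (the default), the lowercase “cn=” rule, and a credentials order that never consults LDAP. The sample commands, the o=example.com names and the finding strings are constructed, and flagging an uppercase “CN=” prefix assumes that only the lowercase form triggers the full-DN rule.

```python
import re

# Constructed sample in the command syntax this page documents (not device output).
SAMPLE_CONFIG = """\
config ldap simple-bind anonymous 1
config ldap simple-bind authenticated 2 username cn=wlc-bind,ou=svc,o=example.com password REDACTED
config ldap simple-bind authenticated 3 username CN=wlc-bind,ou=svc,o=example.com password REDACTED
config local-auth user-credentials local ldap
config wlan ldap add 5 1
config wlan ldap add 5 4
"""

BIND_RE = re.compile(r"config ldap simple-bind (anonymous|authenticated) (\d+)"
                     r"(?: username (.+) password .+)?$")
CRED_RE = re.compile(r"config local-auth user-credentials (.+)$")
WLAN_RE = re.compile(r"config wlan ldap add (\d+) (\d+)$")

def audit(config_text):
    """Return (subject, finding) tuples for the LDAP settings described above."""
    binds, wlan_links, cred_order, findings = {}, [], [], []
    for line in map(str.strip, config_text.splitlines()):
        if m := BIND_RE.match(line):
            binds[int(m.group(2))] = (m.group(1), m.group(3) or "")
        elif m := CRED_RE.match(line):
            cred_order = m.group(1).split()
        elif m := WLAN_RE.match(line):
            wlan_links.append((int(m.group(1)), int(m.group(2))))
    for index, (method, user) in sorted(binds.items()):
        if method == "anonymous":
            findings.append((f"ldap {index}", "anonymous bind"))
        elif not user or len(user) > 80:
            findings.append((f"ldap {index}", "username missing or over 80 characters"))
        elif user.startswith("cn="):
            # Lowercase "cn=": taken as the full path, user base DN is not appended.
            findings.append((f"ldap {index}", "bind user is a full DN"))
        elif user.lower().startswith("cn="):
            # Assumption: only the lowercase prefix triggers the full-DN rule.
            findings.append((f"ldap {index}", "cn= prefix is not lowercase"))
    for wlan_id, index in wlan_links:
        # A server with no simple-bind line keeps the default, which is anonymous.
        if binds.get(index, ("anonymous", ""))[0] == "anonymous":
            findings.append((f"wlan {wlan_id}", f"web auth uses ldap {index} with anonymous bind"))
    if cred_order[:1] == ["local"] and "ldap" in cred_order:
        findings.append(("local-auth", "order 'local ldap': LDAP is never consulted"))
    return findings

if __name__ == "__main__":
    for subject, finding in audit(SAMPLE_CONFIG):
        print(f"{subject}: {finding}")
```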

Cisco 2100 Series Specifications

General
Power over Ethernet (PoE): No
Form Factor: Desktop
Encryption: AES, TKIP
Maximum Access Points: 6
Security: WPA, WPA2, 802.1X
Dimensions: 1.75 x 8.0 x 8.5 in. (4.4 x 20.3 x 21.6 cm)
