enable Cert-DN-match
To enable LDAP users to log in only if the user profile lists the subject-DN of the user certificate as authorized
for login, use the enable Cert-DN-match command. To disable this configuration, use the no form of this
command.
enable Cert-DN-match
no enable Cert-DN-match
Syntax Description
This command has no arguments or keywords.
Command Default
Disabled
Command Modes
LDAP server group configuration
Command History
Release    Modification
5.0(2)     This command was introduced.
Usage Guidelines
This command does not require a license.
Examples
This example shows how to enable LDAP users to log in only if the user profile lists the subject-DN of the
user certificate as authorized for login:
switch# configure terminal
switch(config)# aaa group server ldap LDAPServer1
switch(config-ldap)# server 10.10.2.2
switch(config-ldap)# enable Cert-DN-match
switch(config-ldap)#
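Because the command default is Disabled, an LDAP server group enforces the certificate subject-DN check only where the command is present. The following Python audit is an added example, not part of the original reference or Cisco's own code: it lists the LDAP server groups in saved configuration text that do not have Cert-DN-match enabled. The sample configuration, the group names other than LDAPServer1, and the indented layout of group sub-commands are assumptions.

```python
import re

# Constructed sample configuration text (not from a real device). Assumption:
# group sub-commands appear indented under "aaa group server ldap <name>".
SAMPLE_CONFIG = """\
aaa group server ldap LDAPServer1
  server 10.10.2.2
  enable Cert-DN-match
aaa group server ldap LDAPServer2
  server 10.10.2.3
  enable user-server-group
aaa group server ldap LDAPServer3
  server 10.10.2.4
  enable Cert-DN-match
  no enable Cert-DN-match
aaa group server radius RadGroup1
  server 10.10.3.1
"""

GROUP_RE = re.compile(r"^aaa group server ldap (\S+)\s*$")


def audit_cert_dn_match(config_text):
    """Map each LDAP server group to its servers and Cert-DN-match state."""
    groups, current = {}, None
    for raw in config_text.splitlines():
        cmd = raw.strip()
        if not cmd:
            continue
        if not raw[0].isspace():  # non-indented line: new top-level command
            m = GROUP_RE.match(cmd)
            # Command default is Disabled until the group enables it.
            current = groups.setdefault(
                m.group(1), {"servers": [], "cert_dn_match": False}) if m else None
        elif current is not None:
            low = cmd.lower()
            if low == "enable cert-dn-match":
                current["cert_dn_match"] = True
            elif low == "no enable cert-dn-match":
                current["cert_dn_match"] = False
            elif low.startswith("server "):
                current["servers"].append(cmd.split(None, 1)[1])
    return groups


def groups_without_cert_dn_match(config_text):
    """Names of LDAP groups where certificate DN matching is not enforced."""
    audit = audit_cert_dn_match(config_text)
    return sorted(name for name, g in audit.items() if not g["cert_dn_match"])
```

On the constructed sample, LDAPServer3 is reported because the later no form overrides the earlier enable, and the RADIUS group is ignored.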
Related Commands
Command                     Description
aaa group server ldap       Creates an LDAP server group and enters the LDAP
                            server group configuration mode for that group.
enable user-server-group    Enables group validation for an LDAP server group.
server                      Configures the LDAP server as a member of the
                            LDAP server group.
show ldap-server groups     Displays the LDAP server group configuration.
Cisco Nexus 7000 Series Security Command Reference