CHAPTER 6
Configuring LDAP
This chapter describes how to configure the Lightweight Directory Access Protocol (LDAP) on Cisco NX-OS
devices and includes the following sections:
• About LDAP, on page 105
• Licensing Requirements for LDAP, on page 108
• Prerequisites for LDAP, on page 108
• Guidelines and Limitations for LDAP, on page 108
• Default Settings for LDAP, on page 109
• Configuring LDAP, on page 109
• Monitoring LDAP Servers, on page 122
• Clearing LDAP Server Statistics, on page 123
• Verifying the LDAP Configuration, on page 123
• Configuration Examples for LDAP, on page 124
• Where to Go Next, on page 124
• Additional References for LDAP, on page 125
About LDAP
The Lightweight Directory Access Protocol (LDAP) provides centralized validation of users attempting to
gain access to a Cisco NX-OS device. LDAP services are maintained in a database on an LDAP daemon
running typically on a UNIX or Windows NT workstation. You must have access to and must configure an
LDAP server before the configured LDAP features on your Cisco NX-OS device are available.
LDAP provides for separate authentication and authorization facilities. LDAP allows for a single access
control server (the LDAP daemon) to provide each service authentication and authorization independently.
Each service can be tied into its own database to take advantage of other services available on that server or
on the network, depending on the capabilities of the daemon.
The LDAP client/server protocol uses TCP (port 389) for transport requirements. Cisco NX-OS devices
provide centralized authentication using the LDAP protocol.
LDAP Authentication and Authorization
Clients establish a TCP connection and authentication session with an LDAP server through a simple bind
(username and password). As part of the authorization process, the LDAP server searches its database to
retrieve the user profile and other information.
Cisco Nexus 9000 Series NX-OS Security Configuration Guide, Release 9.x
105
To Next Page
Loading...
