•
•
13.1.4 AAA configuration algorithm via LDAP
Step Description Command Keys
1 Specify basic DN (Distinguished name)
which will be used when searching for
users.
esr(config)# ldap-server base-dn
<NAME>
<NAME> – basic DN, set by the
string of up to 255 characters.
2 Set the interval after which the router
assumes that the LDAP server is not
available (optional).
esr(config)# ldap-server bind
timeout <SEC>
<SEC> – time interval in
seconds, takes values of
[1..30].
Default value: 3 seconds.
3 Specify the DN (Distinguished name) of
a user with administrator rights, under
which authorization will take place on
the LDAP server when searching for
users.
esr(config)# ldap-server bind
authenticate root-dn <NAME>
<NAME> – DN of a user with
administration rights, set by the
string of up to 255 characters.
4 Specify the password of a user with
administrator rights, under which
authorization will take place on the
LDAP server when searching for users.
esr(config)# ldap-server bind
authenticate root-password ascii-
text
{ <TEXT> | encrypted
<ENCRYPTED-TEXT> }
<TEXT> – string [8..16] ASCII
characters;
<ENCRYPTED-TEXT> –
encrypted password, [8..16]
bytes size, set by the string of
[16..32] characters.
5 Specify a class name of the objects
among which it is necessary to search
for users on LDAP server (optional).
esr(config)# ldap-server search
filter user-object-class <NAME>
<NAME> – object class name,
set by the string of up to 127
characters.
Default value: posixAccount.
6 Specify the user search scope in LDAP
server tree (optional).
esr(config)# ldap-server search
scope <SCOPE>
<SCOPE> – user search scope
on LDAP server, takes the
following values:
onelevel – search
through the objects on
the level following a
basic DN tree in LDAP
server tree;
subtree – search through
all objects of basic DN
subtree in LDAP server
tree.
Default value: subtree.
To Next Page
Loading...
