19.1.9 ldap-server
RADIUS Configuration Commands
Use this command to configure LDAP server parameters. The onboard RADIUS server then uses an existing external
database, in the form of an Active Directory, instead of a local database on the switch.
Syntax
ldap-server [primary|secondary] (host <A.B.C.D>) (port <1-65535>)
(login <name>) (bind-dn <name>) (base-dn <name>) (passwd [0|2|WORD])
(passwd-attr) (group-attr) (group-filter) (group-membership) (net-timeout)
Parameters
primary Primary LDAP server configuration.
secondary Secondary LDAP server configuration.
host <LDAP IP Address> LDAP server IP configuration.
• A.B.C.D – LDAP server IP address
port <number> Enter the TCP/IP port number for the LDAP server acting as the data source.
login Use the following as the login:
(sAMAccountName=%{Stripped-User-Name:-%{User-Name}})
bind-dn Specifies the distinguished name to bind with the LDAP server.
base-dn Specifies a distinguished name that establishes the base object for the search.
The base object is the point in the LDAP tree at which to start searching.
passwd Enter a valid password for the LDAP server.
passwd-attr Enter the password attribute used by the LDAP server for authentication.
group-attr Specifies the group attribute used by the LDAP server.
group-filter Specifies the group filters used by the LDAP server.
group-membership Specifies the group member attribute sent to the LDAP server when
authenticating users.
net-timeout Enter a timeout the system uses to terminate the connection to the RADIUS
Server if no activity is detected.
Usage Guidelines
Use the login filter and group filter values, described in the example on the following page, for all LDAP
configuration scenarios.
Use the passwd parameter to enter the password for the Active Directory user named in bind-dn. This password
is used for the initial login to the Active Directory.
The passwd-attr and group-membership values are retained as described in the example.
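The login filter listed for the login parameter above is a template that the RADIUS server fills in per request. The following added example (not from the original guide and not the switch's own code) shows how such a template resolves. It assumes the FreeRADIUS-style reading of %{A:-%{B}} as "A if set, otherwise B" and assumes the substituted value is escaped per RFC 4515; the function names and sample requests are constructed for illustration.

```python
import re

# The login filter exactly as given on this page.
LOGIN_FILTER = "(sAMAccountName=%{Stripped-User-Name:-%{User-Name}})"

# RFC 4515 section 3: these characters are written as \XX inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

# Matches %{Attr} and %{Attr:-%{Fallback}} (one fallback level, as in LOGIN_FILTER).
_REF = re.compile(r"%\{([A-Za-z0-9-]+)(?::-%\{([A-Za-z0-9-]+)\})?\}")


def escape_filter_value(value):
    """Escape a user-supplied string so it cannot alter the filter structure."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def expand_filter(template, request):
    """Fill the template from RADIUS request attributes (assumed semantics)."""
    def substitute(match):
        primary, fallback = match.group(1), match.group(2)
        value = request.get(primary) or (request.get(fallback) if fallback else None)
        if not value:
            raise ValueError(f"request carries neither {primary} nor {fallback}")
        return escape_filter_value(value)
    return _REF.sub(substitute, template)


if __name__ == "__main__":
    # Constructed sample requests, not captured traffic.
    samples = [
        {"User-Name": "alice@example.com", "Stripped-User-Name": "alice"},
        {"User-Name": "bob"},                 # no stripped name: falls back
        {"User-Name": "svc*(test)"},          # filter metacharacters get escaped
    ]
    for request in samples:
        print(request, "->", expand_filter(LOGIN_FILTER, request))
```

The resulting string is the search filter applied beneath base-dn after the bind-dn account has bound, so a user name only matches when it equals the sAMAccountName of an entry in that subtree.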