Networking Requirements
Users reach the Internet through the switch. The LDAP function is configured on the switch so that user authentication and authorization are performed through LDAP server 1 and LDAP server 2:

- LDAP Server 1: manages user accounts and passwords.
- LDAP Server 2: stores email, group and contact information.

Switch A connects to the LDAP servers through the corresponding interface.
NOTE: Complete the setup and configuration of the network environment as planned and confirm that the LDAP servers are reachable from the switch.

Figure 1. LDAP Configuration Example
Procedure
Step 1 Enable the LDAP function on Switch A.

```
admin@SwitchA# set system aaa ldap disable false
```
Step 2 Configure the command level, the permitted commands and the group names.

```
admin@SwitchA# set system aaa ldap command-level 1 permit "set vlans"
admin@SwitchA# set system aaa ldap command-level 1 permit "set protocols"
admin@SwitchA# set system aaa ldap group jump-arlington command-level 1
admin@SwitchA# set system aaa ldap group group1 command-level 1
```
Step 3 Configure the LDAP server IP addresses.

```
admin@SwitchA# set system aaa ldap server-ip 10.36.15.233
admin@SwitchA# set system aaa ldap server-ip 10.36.15.6
```
Step 4 Configure the bind DN and the bind password that Switch A uses to authenticate to the LDAP server.

```
admin@SwitchA# set system aaa ldap root-dn cn=root,dc=ar-sso,dc=ar,dc=fs,dc=com
admin@SwitchA# set system aaa ldap bind password fs
```
Step 5 Specify the distinguished name (DN) used as the search base.

```
admin@SwitchA# set system aaa ldap base-dn dc=ar-sso,dc=ar,dc=fs,dc=com
```
Step 6 Configure the LDAP search request timeout (in seconds).

```
admin@SwitchA# set system aaa ldap search-timeout 120
```
Step 7 Configure the LDAP search filter (user object class) used in search requests, then commit the configuration.

```
admin@SwitchA# set system aaa ldap filter user-object-class posixAccount
admin@SwitchA# commit
```
Verifying the Configuration
The `run show ldap` command can be used to check the LDAP configuration on Switch A.

```
admin@SwitchA# run show ldap
Ldap-Status : Enable
Server-Address : 10.36.15.233:389 10.36.15.6:389
Bind-Root-Dn : cn=root,dc=ar-sso,dc=ar,dc=fs,dc=com
Base-Dn : dc=ar-sso,dc=ar,dc=fs,dc=com
Password : ZnM=
User-Object-Class : posixAccount
Search-Request-Timeout: 120 sec
Vrf : default
```
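The verification step above only eyeballs the output. As an added example that is not part of this guide or the switch's own tooling, the following Python script parses the `run show ldap` output shown above (embedded here as constructed sample text) and audits it the way an operator would before signing off: it confirms the two servers, base DN and timeout match what was configured, and it raises two points the plain output hides. First, both servers are listed on port 389, so binds and user credential checks travel as plain LDAP unless the server side negotiates STARTTLS (this script treats 389 as a finding and 636 as LDAPS; the switch's TLS options are not covered by the page). Second, the `Password` field is base64-encoded rather than encrypted: `ZnM=` decodes back to the configured `fs`, so the `show ldap` output must be handled as sensitive as the configuration itself. The `cn=root` heuristic for an over-privileged bind account is this script's assumption, not something the page states.

```python
import base64

# Constructed sample: the `run show ldap` output from the verification step above.
SAMPLE_SHOW_LDAP = """\
Ldap-Status : Enable
Server-Address : 10.36.15.233:389 10.36.15.6:389
Bind-Root-Dn : cn=root,dc=ar-sso,dc=ar,dc=fs,dc=com
Base-Dn : dc=ar-sso,dc=ar,dc=fs,dc=com
Password : ZnM=
User-Object-Class : posixAccount
Search-Request-Timeout: 120 sec
Vrf : default
"""

LDAP_PORT = 389    # plain LDAP (STARTTLS is optional and server-dependent)
LDAPS_PORT = 636   # LDAP over TLS


def parse_show_ldap(text):
    """Parse 'Key : value' lines into a dict.

    'Server-Address' becomes a list of (host, port) tuples and
    'Search-Request-Timeout' an int of seconds; other keys stay strings.
    """
    cfg = {}
    for line in text.splitlines():
        if ":" not in line:
            continue
        key, _, value = line.partition(":")   # split on the first colon only
        key, value = key.strip(), value.strip()
        if key == "Server-Address":
            servers = []
            for item in value.split():
                host, _, port = item.rpartition(":")
                servers.append((host, int(port) if port else LDAP_PORT))
            cfg[key] = servers
        elif key == "Search-Request-Timeout":
            cfg[key] = int(value.split()[0])   # "120 sec" -> 120
        else:
            cfg[key] = value
    return cfg


def decode_bind_password(cfg):
    """Return the bind password as shown by the switch, base64-decoded.

    The display value is reversible encoding, not encryption, which is the
    point this check makes: treat 'show ldap' output as a secret.
    """
    return base64.b64decode(cfg.get("Password", ""), validate=True).decode()


def audit_ldap_config(cfg, expected_servers, expected_base_dn, expected_timeout):
    """Compare the parsed output with the intended configuration and
    return a list of human-readable findings (empty list means all clear
    apart from nothing to report)."""
    findings = []
    if cfg.get("Ldap-Status") != "Enable":
        findings.append("LDAP is not enabled")
    configured_hosts = {host for host, _ in cfg.get("Server-Address", [])}
    missing = sorted(set(expected_servers) - configured_hosts)
    if missing:
        findings.append("expected LDAP servers not configured: " + ", ".join(missing))
    for host, port in cfg.get("Server-Address", []):
        if port == LDAP_PORT:
            findings.append(
                f"{host}:{port} uses plain LDAP; bind and user credentials are "
                f"unencrypted on the wire unless STARTTLS is enforced "
                f"(LDAPS is port {LDAPS_PORT})")
    if cfg.get("Base-Dn") != expected_base_dn:
        findings.append(f"base DN is {cfg.get('Base-Dn')!r}, expected {expected_base_dn!r}")
    if cfg.get("Search-Request-Timeout") != expected_timeout:
        findings.append(f"search timeout is {cfg.get('Search-Request-Timeout')}, "
                        f"expected {expected_timeout}")
    # Heuristic (assumption): a bind DN beginning with cn=root is a directory
    # administrator; a read-only lookup account is the least-privilege choice.
    if cfg.get("Bind-Root-Dn", "").lower().startswith("cn=root,"):
        findings.append("bind DN is a directory root account; prefer a read-only bind user")
    if cfg.get("Password"):
        findings.append("bind password is shown base64-encoded (reversible), "
                        "so 'show ldap' output must be protected like the config")
    return findings


if __name__ == "__main__":
    parsed = parse_show_ldap(SAMPLE_SHOW_LDAP)
    for finding in audit_ldap_config(parsed, ["10.36.15.233", "10.36.15.6"],
                                     "dc=ar-sso,dc=ar,dc=fs,dc=com", 120):
        print("FINDING:", finding)
```

Run it against a pasted `run show ldap` capture from the switch; the two findings about port 389 and the reversible password are expected on the configuration in this example, and the "not configured" and "expected" findings only appear when the live output drifts from what was committed in Steps 3 to 6.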