Procedure
Step 1 (Optional) Configure the command level, the permitted commands and the group name, so that LDAP users in different groups have different permissions.
set system aaa ldap command-level <value> permit <command>
set system aaa ldap group <group-name> command-level <value>
NOTE: Admins should implement a fine-grained privilege control policy that carefully configures the set of commands (by using command
Step 2 Configure the IPv4 address and port of the LDAP server. Up to two server IPs can be configured.
set system aaa ldap server-ip <ipv4-address> port <port>
Step 3 (Optional) Configure the shared secret text string used between the router and an LDAP server.
set system aaa ldap bind root-dn <txt>
set system aaa ldap bind password <encrypted-password>
Step 4 Specify the distinguished name (DN) to use as the search base.
set system aaa ldap base-dn <txt>
Step 5 (Optional) Specify how long the router waits for a response to an LDAP request.
set system aaa ldap search-timeout <value>
Step 6 (Optional) Specify the search filter to be used in the search requests.
set system aaa ldap filter user-object-class <txt>
Step 7 Commit the configuration.
commit
Step 8 View the configuration information and status of LDAP.
run show ldap
show | display set
NOTE: Users can use the following command to view their own permitted commands and command level.
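An added example, not part of the original procedure or the vendor's tooling: a Python check to run over saved `show | display set` output to confirm that the steps above were applied consistently. The sample configuration, all of its values, and the two consistency rules marked as assumptions in the comments are constructed for illustration.

```python
import shlex

PREFIX = ["set", "system", "aaa", "ldap"]

# Constructed sample of `show | display set` output; every value is made up.
SAMPLE = """\
set system aaa ldap command-level 5 permit "show"
set system aaa ldap group netops command-level 5
set system aaa ldap group helpdesk command-level 3
set system aaa ldap server-ip 192.0.2.10 port 389
set system aaa ldap server-ip 192.0.2.11 port 389
set system aaa ldap server-ip 192.0.2.12 port 389
set system aaa ldap bind root-dn "cn=reader,dc=example,dc=com"
set system aaa ldap filter user-object-class "posixAccount"
"""

def audit_ldap(config_text):
    """Return findings for the LDAP statements of a set-format configuration."""
    servers, permits, groups, bind, base_dn = [], {}, {}, set(), None
    for line in config_text.splitlines():
        tok = shlex.split(line)          # handles quoted DNs and commands
        if tok[:4] != PREFIX:
            continue
        arg = tok[4:]
        if arg[:1] == ["server-ip"] and len(arg) >= 2:
            servers.append(arg[1])
        elif arg[:1] == ["base-dn"] and len(arg) == 2:
            base_dn = arg[1]
        elif arg[:1] == ["bind"] and len(arg) == 3:
            bind.add(arg[1])
        elif arg[:1] == ["command-level"] and arg[2:3] == ["permit"]:
            permits.setdefault(arg[1], []).append(" ".join(arg[3:]))
        elif arg[:1] == ["group"] and arg[2:3] == ["command-level"] and len(arg) == 4:
            groups[arg[1]] = arg[3]
    findings = []
    if not servers:
        findings.append("no server-ip configured (Step 2)")
    if len(servers) > 2:
        findings.append(f"{len(servers)} server-ip entries, at most two are allowed")
    if base_dn is None:
        findings.append("base-dn is not set (Step 4)")
    if len(bind & {"root-dn", "password"}) == 1:   # assumption: the two belong together
        findings.append("bind root-dn and bind password must be set together")
    for group, level in sorted(groups.items()):
        if level not in permits:                   # assumption: a level needs permit rules
            findings.append(f"group {group}: command-level {level} has no permit rule")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_ldap(SAMPLE)))
```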