Networking Requirements

Users connect to the Internet through the switch. The LDAP function is configured on the switch so that users are authenticated and authorized through LDAP server 1 and LDAP server 2.

  • LDAP Server 1: manages user accounts and passwords.

  • LDAP Server 2: stores email addresses, groups, and contact information.

Switch A connects to the LDAP servers through the corresponding interface.

NOTE:

Set up and configure the network environment according to the topology, and confirm that Switch A can reach both LDAP servers before proceeding.

Figure 1. LDAP Configuration Example

...

Procedure

Step 1       Enable the LDAP function on Switch A.

admin@SwitchA# set system aaa ldap disable false

Step 2       Configure the command level, the commands permitted at that level, and the group names mapped to it.

admin@SwitchA# set system aaa ldap command-level 1 permit "set vlans"
admin@SwitchA# set system aaa ldap command-level 1 permit "set protocols"
admin@SwitchA# set system aaa ldap group jump-arlington command-level 1
admin@SwitchA# set system aaa ldap group group1 command-level 1

Step 3       Configure the LDAP server IP addresses.

admin@SwitchA# set system aaa ldap server-ip 10.36.15.233
admin@SwitchA# set system aaa ldap server-ip 10.36.15.6

Step 4       Configure the bind DN and the shared secret (bind password) used between the switch and the LDAP server.

admin@SwitchA# set system aaa ldap root-dn cn=root,dc=ar-sso,dc=ar,dc=fs,dc=com
admin@SwitchA# set system aaa ldap bind password fs

Step 5       Specify the distinguished name (DN) used as the search base.

admin@SwitchA# set system aaa ldap base-dn dc=ar-sso,dc=ar,dc=fs,dc=com

Step 6       Configure the LDAP search timeout, in seconds.

admin@SwitchA# set system aaa ldap search-timeout 120

Step 7       Configure the LDAP search filter used in search requests, then commit the configuration.

admin@SwitchA# set system aaa ldap filter user-object-class posixAccount
admin@SwitchA# commit

Verifying the Configuration

The run show ldap command displays the LDAP configuration on Switch A.

admin@SwitchA# run show ldap
Ldap-Status: Enable
Server-Address : 10.36.15.233:389   10.36.15.6:389
Bind-Root-Dn : cn=root,dc=ar-sso,dc=ar,dc=fs,dc=com
Base-Dn : dc=ar-sso,dc=ar,dc=fs,dc=com
Password  : ZnM=
User-Object-Class : posixAccount
Search-Request-Timeout: 120 sec
Vrf : default