Example for Configuring LDAP

Networking Requirements

Users are connected to the Internet through the switch. The LDAP function is configured on the switch so that user authentication and authorization are performed through LDAP server 1 and LDAP server 2.

  • LDAP Server 1: manages user accounts and passwords.

  • LDAP Server 2: stores email addresses, groups, and contact information.

Switch A connects to the LDAP servers through the corresponding interface.

NOTE:

Set up and configure the network environment accordingly, and confirm that Switch A can reach the LDAP servers before proceeding.

Figure 1.    LDAP Configuration Example


Procedure

Step 1       Enable the LDAP function on Switch A.

admin@SwitchA# set system aaa ldap disable false

Step 2       Configure the command level, the commands permitted at that level, and the LDAP group names mapped to it.

admin@SwitchA# set system aaa ldap command-level 1 permit "set vlans"
admin@SwitchA# set system aaa ldap command-level 1 permit "set protocols"
admin@SwitchA# set system aaa ldap group jump-arlington command-level 1
admin@SwitchA# set system aaa ldap group group1 command-level 1

Step 3       Configure the LDAP server IP addresses.

admin@SwitchA# set system aaa ldap server-ip 10.36.15.233
admin@SwitchA# set system aaa ldap server-ip 10.36.15.6

Step 4       Configure the shared secret text string used between the router and an LDAP server.

Step 5       Specify the distinguished name (DN) as search base.

Step 6       Configure the LDAP connection timeout.

Step 7       Configure the LDAP search filter used in search requests.
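The authorization chain that Step 2 configures (LDAP group, to command level, to permitted commands), modelled as an added Python example; this is not Pica8 code. It assumes that a permit entry matches a command by prefix, that a user takes the command level of the LDAP group they belong to, and that a group with no mapped command level grants nothing.

```python
"""Model of the PICOS LDAP command-level authorization from Step 2.

Added example, not Pica8 code. Assumptions: a 'permit' entry matches a
command by prefix, a user inherits the command-level of their LDAP group,
and an unmapped group (or no group at all) authorizes nothing.
"""
from dataclasses import dataclass, field


@dataclass
class LdapAuthzPolicy:
    # command-level -> permitted command prefixes (the "permit" entries)
    permits: dict[int, list[str]] = field(default_factory=dict)
    # LDAP group name -> command-level (the "group ... command-level" entries)
    groups: dict[str, int] = field(default_factory=dict)

    def permit(self, level: int, command: str) -> None:
        self.permits.setdefault(level, []).append(command)

    def map_group(self, group: str, level: int) -> None:
        self.groups[group] = level

    def is_authorized(self, user_groups: list[str], command: str) -> bool:
        """True if any of the user's groups maps to a level that permits the command."""
        for group in user_groups:
            level = self.groups.get(group)
            if level is None:
                continue  # group not mapped on the switch: grants no level
            for prefix in self.permits.get(level, []):
                # Match the whole command or the prefix followed by a space,
                # so a permit for "set vlans" does not match "set vlan ...".
                if command == prefix or command.startswith(prefix + " "):
                    return True
        return False  # deny by default


def build_policy_from_page() -> LdapAuthzPolicy:
    """The policy that Step 2 of the procedure configures on Switch A."""
    policy = LdapAuthzPolicy()
    policy.permit(1, "set vlans")
    policy.permit(1, "set protocols")
    policy.map_group("jump-arlington", 1)
    policy.map_group("group1", 1)
    return policy
```

Any command outside the permitted prefixes, such as changes to the AAA configuration itself, is denied for level-1 users, which is the least-privilege property the per-level permit list provides.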

Verifying the Configuration

Use the run show ldap command to check the LDAP configuration on Switch A.

Copyright © 2024 Pica8 Inc. All Rights Reserved.