Example for Configuring LDAP
Networking Requirements
Users connect to the Internet through the switch. The LDAP function is configured on the switch so that authentication and authorization are performed through LDAP server 1 and LDAP server 2.
LDAP Server 1: the device is used to manage user accounts and passwords.
LDAP Server 2: the device is used to store email, groups, and contact information.
Switch A connects to the LDAP server by the corresponding interface.
NOTE:
Complete the setup and configuration of the network environment and confirm that the network is reachable.
Figure 1. LDAP Configuration Example
Procedure
Step 1 Enable the LDAP function on Switch A.
admin@SwitchA# set system aaa ldap disable false
Step 2 Configure the command-level, permit command and group-name.
admin@SwitchA# set system aaa ldap command-level 1 permit "set vlans"
admin@SwitchA# set system aaa ldap command-level 1 permit "set protocols"
admin@SwitchA# set system aaa ldap group jump-arlington command-level 1
admin@SwitchA# set system aaa ldap group group1 command-level 1
Step 3 Configure LDAP server IP.
admin@SwitchA# set system aaa ldap server-ip 10.36.15.233
admin@SwitchA# set system aaa ldap server-ip 10.36.15.6
Step 4 Configure the root DN and the bind password (the shared secret text string used between the switch and an LDAP server).
admin@SwitchA# set system aaa ldap root-dn cn=root,dc=ar-sso,dc=ar,dc=fs,dc=com
admin@SwitchA# set system aaa ldap bind password fs
Step 5 Specify the distinguished name (DN) as search base.
admin@SwitchA# set system aaa ldap base-dn dc=ar-sso,dc=ar,dc=fs,dc=com
Step 6 Configure the LDAP search timeout, in seconds.
admin@SwitchA# set system aaa ldap search-timeout 120
Step 7 Configure the LDAP search filter to be used in search requests, then commit the configuration.
admin@SwitchA# set system aaa ldap filter user-object-class posixAccount
admin@SwitchA# commit
Verifying the Configuration
Use the run show ldap command to check the configuration information on Switch A.
admin@SwitchA# run show ldap
Ldap-Status: Enable
Server-Address : 10.36.15.233:389 10.36.15.6:389
Bind-Root-Dn : cn=root,dc=ar-sso,dc=ar,dc=fs,dc=com
Base-Dn : dc=ar-sso,dc=ar,dc=fs,dc=com
Password : ZnM=
User-Object-Class : posixAccount
Search-Request-Timeout: 120 sec
Vrf : default
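A review check over the output above, as an added example that is not part of the original documentation: it parses the run show ldap fields and flags that the Password value ZnM= is only the Base64 form of the bind password fs set in Step 4, that both servers are reached on port 389, and that binds use the root DN. The function names and finding wording are hypothetical, and treating cn=root as a privileged account is an assumption.

```python
import base64
import binascii

# "run show ldap" output as shown on this page.
SHOW_LDAP = """\
Ldap-Status: Enable
Server-Address : 10.36.15.233:389 10.36.15.6:389
Bind-Root-Dn : cn=root,dc=ar-sso,dc=ar,dc=fs,dc=com
Base-Dn : dc=ar-sso,dc=ar,dc=fs,dc=com
Password : ZnM=
User-Object-Class : posixAccount
Search-Request-Timeout: 120 sec
Vrf : default
"""


def parse_show_ldap(text):
    """Turn 'Key : value' lines into a dict, splitting on the first colon."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields


def decode_password(value):
    """Return the plaintext if the field is Base64 of printable text, else None."""
    try:
        text = base64.b64decode(value, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    return text if text and text.isprintable() else None


def audit(fields):
    """Return review findings for a parsed 'show ldap' output."""
    findings = []
    for server in fields.get("Server-Address", "").split():
        host, _, port = server.rpartition(":")
        if port == "389":  # standard LDAP port, no implicit TLS
            findings.append(f"{host}: LDAP on 389, check how the bind is protected in transit")
    if decode_password(fields.get("Password", "")) is not None:
        findings.append("Password: Base64-encoded, not encrypted; treat this output as a secret")
    if fields.get("Bind-Root-Dn", "").lower().startswith("cn=root,"):
        # Assumption: cn=root is a privileged directory account.
        findings.append("Bind-Root-Dn: root DN used for binds; prefer a read-only search account")
    return findings
```

Because the displayed value decodes directly to the configured password, saved show output, support tickets and configuration backups that contain it need the same handling as the password itself.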
Copyright © 2025 Pica8 Inc. All Rights Reserved.