/
Example for Configuring LDAP

Example for Configuring LDAP

Owned by shengxiuhua (Unlicensed)
Last updated: Oct 21, 2024
2 min read

Networking Requirements

Users are connected to the Internet through the switch. Users configure the LDAP function on the switch to accomplish authentication and authorization through LDAP server 1 and LDAP server 2.

  • LDAP Server 1: the device is used to manage user accounts and passwords.

  • LDAP Server 2: the device is used to store email, groups, contact information.

Switch A connects to the LDAP server by the corresponding interface.

NOTE:

Complete the setup and configuration of the network environment according to the network environment and confirm that the network is reachable.

Figure 1.    LDAP Configuration Example

image-20241021-091544.png

Procedure

Step 1       Enable LDAP function on Switch A.

admin@SwitchA# set system aaa ldap disable false

Step 2       Configure the command-level, permit command and group-name.

admin@SwitchA# set system aaa ldap command-level 1 permit "set vlans" admin@SwitchA# set system aaa ldap command-level 1 permit “set protocols” admin@SwitchA# set system aaa ldap group jump-arlington command-level 1 admin@SwitchA# set system aaa ldap group group1 command-level 1

Step 3       Configure LDAP server IP.

admin@SwitchA# set system aaa ldap server-ip 10.36.15.233 admin@SwitchA# set system aaa ldap server-ip 10.36.15.6

Step 4       Configure the shared secret text string used between the router and an LDAP server.

admin@SwitchA # set system aaa ldap root-dn cn=root,dc=ar-sso,dc=ar,dc=fs,dc=com admin@SwitchA# set system aaa ldap bind password fs

Step 5       Specify the distinguished name (DN) as search base.

admin@SwitchA# set system aaa ldap base-dn dc=ar-sso,dc=ar,dc=fs,dc=com

Step 6       Configure LDAP connection timeout.

admin@SwitchA# set system aaa ldap search-timeout 120

Step 7       Configure LDAP search filter to be used in search requests.

admin@SwitchA# set system aaa ldap filter user-object-class posixAccount admin@SwitchA# commit

Verifying the Configuration

The command run show ldap can be used to check the configuration information on Switch A.

admin@SwitchA# run show ldap Ldap-Status: Enable Server-Address : 10.36.15.233:389   10.36.15.6:389 Bind-Root-Dn : cn=root,dc=ar-sso,dc=ar,dc=fs,dc=com Base-Dn : dc=ar-sso,dc=ar,dc=fs,dc=com Password : ZnM= User-Object-Class : posixAccount Search-Request-Timeout: 120 sec Vrf : default

Related content

Copyright © 2025 Pica8 Inc. All Rights Reserved.