Example for Configuring LDAP

Networking Requirements

Users reach the Internet through the switch. The LDAP function is configured on the switch so that user authentication and authorization are performed through LDAP server 1 and LDAP server 2.

  • LDAP Server 1: manages user accounts and passwords.

  • LDAP Server 2: stores email, group and contact information.

Switch A connects to the LDAP servers through the corresponding interface.

NOTE:

Set up and configure the network environment as required, and confirm that the switch can reach the LDAP servers before you begin.

Figure 1.    LDAP Configuration Example (figure image not included in this text)

Procedure

Step 1       Enable the LDAP function on Switch A.

admin@SwitchA# set system aaa ldap disable false

Step 2       Configure the command level, the commands permitted at that level, and the group names mapped to it.

admin@SwitchA# set system aaa ldap command-level 1 permit "set vlans"
admin@SwitchA# set system aaa ldap command-level 1 permit "set protocols"
admin@SwitchA# set system aaa ldap group jump-arlington command-level 1
admin@SwitchA# set system aaa ldap group group1 command-level 1

Step 3       Configure the LDAP server IP addresses.

admin@SwitchA# set system aaa ldap server-ip 10.36.15.233
admin@SwitchA# set system aaa ldap server-ip 10.36.15.6

Step 4       Configure the bind DN (root-dn) and the bind password, the shared secret used between the device and the LDAP server.

admin@SwitchA# set system aaa ldap root-dn cn=root,dc=ar-sso,dc=ar,dc=fs,dc=com
admin@SwitchA# set system aaa ldap bind password fs

Step 5       Specify the distinguished name (DN) used as the search base.

admin@SwitchA# set system aaa ldap base-dn dc=ar-sso,dc=ar,dc=fs,dc=com

Step 6       Configure the LDAP search-request timeout, in seconds.

admin@SwitchA# set system aaa ldap search-timeout 120

Step 7       Configure the user object class used as the LDAP search filter in search requests, then commit the configuration.

admin@SwitchA# set system aaa ldap filter user-object-class posixAccount
admin@SwitchA# commit
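To see what the settings from Steps 4 to 7 turn into on the wire, the following added example (written for this page; it is not PicOS code) builds the LDAP simple bind as the configured root-dn and a subtree search under the base-dn filtered on the configured user object class, and decodes the server's bind result. Encoding follows RFC 4511 and X.690 BER. The DNs, bind password, object class and timeout are the values from the steps above; the user name "alice", the returned attribute list and the bind_and_search() helper are assumptions made for the example.

```python
# Added example, not PicOS code: LDAP bind and search messages implied by the
# Switch A settings, plus decoding of the BindResponse (RFC 4511, X.690 BER).
import socket

# Values from the configuration steps on this page
ROOT_DN = "cn=root,dc=ar-sso,dc=ar,dc=fs,dc=com"
BIND_PASSWORD = "fs"
BASE_DN = "dc=ar-sso,dc=ar,dc=fs,dc=com"
USER_OBJECT_CLASS = "posixAccount"
SEARCH_TIMEOUT = 120  # seconds, Step 6

# A few LDAP result codes from RFC 4511, Appendix A
RESULT_CODES = {0: "success", 32: "noSuchObject", 49: "invalidCredentials",
                50: "insufficientAccessRights", 52: "unavailable"}


def ber_len(n):
    """BER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag, body):
    """One BER element: tag, length, contents."""
    return bytes([tag]) + ber_len(len(body)) + body


def integer(n):
    """Non-negative INTEGER; the extra byte keeps the sign bit clear (e.g. 128 -> 00 80)."""
    return tlv(0x02, n.to_bytes(n.bit_length() // 8 + 1, "big"))


def octet_string(s):
    return tlv(0x04, s.encode())


def enumerated(n):
    return tlv(0x0A, bytes([n]))


def boolean(b):
    return tlv(0x01, b"\xff" if b else b"\x00")


def bind_request(msg_id, dn, password):
    """LDAPMessage { messageID, BindRequest [APPLICATION 0] { version 3, name, simple [0] password } }."""
    op = integer(3) + octet_string(dn) + tlv(0x80, password.encode())
    return tlv(0x30, integer(msg_id) + tlv(0x60, op))


def equality_match(attr, value):
    """Filter item equalityMatch [3] { attributeDesc, assertionValue }."""
    return tlv(0xA3, octet_string(attr) + octet_string(value))


def search_request(msg_id, base_dn, object_class, uid, time_limit, attrs=("uid",)):
    """SearchRequest [APPLICATION 3] for (&(objectClass=<class>)(uid=<uid>)) over the whole subtree."""
    search_filter = tlv(0xA0, equality_match("objectClass", object_class)   # and [0]
                        + equality_match("uid", uid))
    op = (octet_string(base_dn)
          + enumerated(2)            # scope: wholeSubtree
          + enumerated(0)            # derefAliases: neverDerefAliases
          + integer(0)               # sizeLimit: no limit
          + integer(time_limit)      # timeLimit in seconds
          + boolean(False)           # typesOnly
          + search_filter
          + tlv(0x30, b"".join(octet_string(a) for a in attrs)))  # attributes to return
    return tlv(0x30, integer(msg_id) + tlv(0x63, op))


def read_tlv(buf, pos=0):
    """Return (tag, contents, position after the element) for the element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: next n bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length


def parse_bind_response(data):
    """Decode LDAPMessage { messageID, BindResponse [APPLICATION 1] { resultCode, matchedDN, diagnosticMessage } }."""
    _, msg, _ = read_tlv(data)
    _, mid, pos = read_tlv(msg)
    op_tag, op, _ = read_tlv(msg, pos)
    if op_tag != 0x61:
        raise ValueError("not a BindResponse, tag 0x%02x" % op_tag)
    _, code, pos = read_tlv(op)
    _, _matched_dn, pos = read_tlv(op, pos)
    _, diag, _ = read_tlv(op, pos)
    rc = code[0]
    return {"message_id": int.from_bytes(mid, "big"), "result_code": rc,
            "result": RESULT_CODES.get(rc, "code %d" % rc), "diagnostic": diag.decode()}


# Constructed server replies (not captured from a real server) used by the usage below
SAMPLE_BIND_SUCCESS = bytes.fromhex("300c02010161070a010004000400")   # messageID 1, success
SAMPLE_BIND_INVALID = bytes.fromhex("300c02010161070a013104000400")   # messageID 1, invalidCredentials


def bind_and_search(host, port=389, uid="alice"):
    """Network use only (assumed helper): bind as ROOT_DN, then search for uid if the bind succeeded.
    A BindResponse is small enough that one recv() returns it whole in practice."""
    with socket.create_connection((host, port), timeout=SEARCH_TIMEOUT) as s:
        s.sendall(bind_request(1, ROOT_DN, BIND_PASSWORD))
        result = parse_bind_response(s.recv(4096))
        if result["result_code"] == 0:
            s.sendall(search_request(2, BASE_DN, USER_OBJECT_CLASS, uid, SEARCH_TIMEOUT))
        return result


if __name__ == "__main__":
    print(bind_request(1, ROOT_DN, BIND_PASSWORD).hex())
    print(parse_bind_response(SAMPLE_BIND_SUCCESS), parse_bind_response(SAMPLE_BIND_INVALID))
```

The bind carries the Step 4 password as a plain OCTET STRING inside the request, which is why the path between the switch and the LDAP servers, and the servers' own access to the root-dn entry, deserve the same care as the switch's local credentials.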

Verifying the Configuration

The run show ldap command displays the LDAP configuration on Switch A.

admin@SwitchA# run show ldap
Ldap-Status: Enable
Server-Address : 10.36.15.233:389   10.36.15.6:389
Bind-Root-Dn : cn=root,dc=ar-sso,dc=ar,dc=fs,dc=com
Base-Dn : dc=ar-sso,dc=ar,dc=fs,dc=com
Password : ZnM=
User-Object-Class : posixAccount
Search-Request-Timeout: 120 sec
Vrf : default
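Checking the output by eye works for one switch; the following added example (written for this page, not a PicOS tool) parses the run show ldap output into a dictionary, compares it with the values set in Steps 3 to 7, and adds the two observations an operator should record: each server is reached on port 389, and the Password field is the Step 4 secret in base64 (ZnM= decodes to fs), so the output itself is sensitive. The output text is copied from above and embedded as a string; the field names are taken from that output, and the comparison values are assumptions drawn from the steps.

```python
# Added example, not PicOS code: parse "run show ldap" output and check it
# against the values configured in the procedure above.
import base64

# Output as shown on this page, embedded here so the example runs offline
SHOW_LDAP_OUTPUT = """\
Ldap-Status: Enable
Server-Address : 10.36.15.233:389   10.36.15.6:389
Bind-Root-Dn : cn=root,dc=ar-sso,dc=ar,dc=fs,dc=com
Base-Dn : dc=ar-sso,dc=ar,dc=fs,dc=com
Password : ZnM=
User-Object-Class : posixAccount
Search-Request-Timeout: 120 sec
Vrf : default
"""

# Values from Steps 3 to 7 (assumed to be what the operator intended)
EXPECTED = {
    "servers": ["10.36.15.233:389", "10.36.15.6:389"],
    "root_dn": "cn=root,dc=ar-sso,dc=ar,dc=fs,dc=com",
    "base_dn": "dc=ar-sso,dc=ar,dc=fs,dc=com",
    "object_class": "posixAccount",
    "timeout": 120,
}


def parse_show_ldap(text):
    """Split each 'Key : value' line on its first colon; values such as host:port keep theirs."""
    fields = {}
    for line in text.splitlines():
        if ":" not in line:
            continue
        key, _, value = line.partition(":")
        fields[key.strip()] = value.strip()
    return {
        "enabled": fields.get("Ldap-Status", "").lower() == "enable",
        "servers": fields.get("Server-Address", "").split(),
        "root_dn": fields.get("Bind-Root-Dn", ""),
        "base_dn": fields.get("Base-Dn", ""),
        "object_class": fields.get("User-Object-Class", ""),
        # "120 sec" -> 120
        "timeout": int(fields.get("Search-Request-Timeout", "0").split()[0]),
        "vrf": fields.get("Vrf", ""),
        "password_b64": fields.get("Password", ""),
    }


def decode_password(cfg):
    """The Password field is base64 of the Step 4 secret, not a hash or ciphertext."""
    return base64.b64decode(cfg["password_b64"]).decode()


def audit(cfg, expected=EXPECTED):
    """Return a list of findings; an empty list means nothing to report."""
    findings = []
    if not cfg["enabled"]:
        findings.append("LDAP is disabled; Step 1 did not take effect")
    for key in ("servers", "root_dn", "base_dn", "object_class", "timeout"):
        if cfg[key] != expected[key]:
            findings.append("%s: got %r, expected %r" % (key, cfg[key], expected[key]))
    for server in cfg["servers"]:
        if server.endswith(":389"):
            findings.append("%s: port 389 is LDAP without implicit TLS; confirm how the "
                            "bind is protected on the path to this server" % server)
    if cfg["password_b64"]:
        findings.append("output contains the bind password (base64 only); restrict who can "
                        "view it and remove it from saved or shared output")
    return findings


if __name__ == "__main__":
    cfg = parse_show_ldap(SHOW_LDAP_OUTPUT)
    print(cfg)
    for finding in audit(cfg):
        print("-", finding)
```

Because the password is recoverable from the output, treat copies of run show ldap (tickets, chat pastes, configuration backups) with the same handling as the bind password itself.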

Copyright © 2025 Pica8 Inc. All Rights Reserved.