Configuring LDAP
Procedure
Step 1   (Optional) Configure the command level, the permitted commands and the group name, so that LDAP users in different groups have different permissions.
set system aaa ldap command-level <value> permit <command>
set system aaa ldap group <group-name> command-level <value>
NOTE:
Administrators should implement a fine-grained privilege control policy that carefully configures the set of commands (by using permit <command>) that each user role can execute. This ensures that each user has access to only the system resources and operations necessary, which significantly improves system security and operational accuracy.
Step 2   Configure the IPv4 address and port of the LDAP server. Up to two server IPs can be configured.
set system aaa ldap server-ip <ipv4-address> port <port>
Step 3   (Optional) Configure the shared secret text string used between the router and an LDAP server.
set system aaa ldap bind root-dn <txt>
set system aaa ldap bind password <encrypted-password>
Step 4   Specify the distinguished name (DN) to use as the search base.
set system aaa ldap base-dn <txt>
Step 5   (Optional) Specify how long the router waits for a response to an LDAP request.
set system aaa ldap search-timeout <value>
Step 6   (Optional) Specify the search filter to be used in search requests.
set system aaa ldap filter user-object-class <txt>
Step 7   Commit the configuration.
commit
Step 8   View the configuration information and status of LDAP.
run show ldap
show | display set
NOTE:
Users can use the following command to view their own permitted commands and command level.
show | display set
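A pre-commit check for the statements in this procedure, as an added example (not Pica8 code): this Python script audits a candidate set of `set system aaa ldap` lines for the two-server limit from Step 2, a missing base-dn from Step 4, and groups mapped to a command level that has no permit entries. The function name and the sample addresses, group names and level values are constructed assumptions.

```python
import ipaddress
import re

# Constructed sample: a candidate configuration to review before "commit".
# Addresses, group names and level values are illustrative assumptions.
SAMPLE = """\
set system aaa ldap command-level 5 permit show
set system aaa ldap group netops command-level 5
set system aaa ldap group helpdesk command-level 3
set system aaa ldap server-ip 192.0.2.10 port 389
set system aaa ldap server-ip 192.0.2.11 port 389
set system aaa ldap server-ip 192.0.2.12 port 70000
"""
PREFIX = "set system aaa ldap "

def audit_ldap_config(text):
    """Return findings for a block of 'set system aaa ldap ...' lines."""
    findings, servers, permit_levels, groups = [], [], set(), {}
    has_base_dn = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line.startswith(PREFIX):
            continue  # ignore statements outside the LDAP subtree
        rest = line[len(PREFIX):]
        if m := re.fullmatch(r"server-ip (\S+) port (\S+)", rest):
            ip, port = m.groups()
            servers.append(ip)
            try:
                ipaddress.IPv4Address(ip)
            except ValueError:
                findings.append(f"invalid IPv4 address: {ip}")
            if not (port.isdecimal() and 1 <= int(port) <= 65535):
                findings.append(f"invalid port for {ip}: {port}")
        elif m := re.fullmatch(r"command-level (\S+) permit .+", rest):
            permit_levels.add(m.group(1))  # level has at least one permit
        elif m := re.fullmatch(r"group (\S+) command-level (\S+)", rest):
            groups[m.group(1)] = m.group(2)
        elif rest.startswith("base-dn "):
            has_base_dn = True
    if not servers:
        findings.append("no LDAP server configured (Step 2)")
    if len(servers) > 2:
        findings.append(f"{len(servers)} server IPs configured; at most two are allowed")
    if not has_base_dn:
        findings.append("no base-dn configured (Step 4)")
    for group, level in sorted(groups.items()):
        if level not in permit_levels:
            findings.append(f"group {group} uses command-level {level}, which has no permit entries")
    return findings
```

Calling `audit_ldap_config(SAMPLE)` reports the out-of-range port, the third server IP, the missing base-dn and the helpdesk group whose level has no permit list to review.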
Copyright © 2024 Pica8 Inc. All Rights Reserved.