ldap-server

Description    Set Lightweight Directory Access Protocol (LDAP) parameters for authenticating administrative access to the ACOS device.

Syntax    [no] ldap-server host {hostname | ipaddr} {cn cn-name dn dn-name | domain domain-name [base base-domain] [group group-id]} [port portnum] [ssl] [timeout seconds]

Parameter

Description

hostname

Host name of the LDAP server.

ipaddr

IP address of the LDAP Server.

cn-name

Value for the Common Name (CN) attribute.

dn-name

Value for the Distinguished Name (DN) attribute.

The DN attribute does not support spaces or quotation marks. For example, the following DN string syntax is valid:

cn=xxx3,dc=maxcrc,dc=com

The following string is not valid because of the quotation marks and space character:

“cn=xxx3,dc=max crc,dc=com”

domain-name

Active Directory domain name.

base-domain

Base domain to which the user belongs.

group-id

Group ID to which the user belongs.

portnum

Protocol port on which the server listens for LDAP traffic.

The default is 389.

seconds

Maximum number of seconds the ACOS device waits for a reply from the LDAP server for a given request (1-60 seconds). If the LDAP server does not reply before the timeout, authentication of the admin fails.

The default is 44 seconds.

ssl

Authenticate using SSL.

Default    No LDAP servers are configured by default. When you add an LDAP server, it has the default settings described in the table above.

Mode    Configuration mode

Usage    LDAP is an AAA protocol that the ACOS device can use to authenticate admins and authorize their management access based on admin account information held on external LDAP servers.

This release supports the following types of LDAP servers:

     OpenLDAP

     Microsoft Active Directory (AD)

To enable LDAP authentication, use the following command at the global configuration level of the CLI:

[no] authentication type ldap [method2 [method3 [method4]]]

To use backup methods, specify them in the order you want to use them.

Nested OUs

To use nested OUs, specify the nested OU first, then the root. For example, a user account could be nested as follows:

Root OU= Service Accounts -> OU=StaffElevatedAccounts -> UserAccUser1

To configure the ACOS device to provide LDAP AAA for “UserAccUser1”, use a command such as the following:

ldap-server host ldapserver.ad.example.edu cn cn dn ou=StaffElevatedAccounts,ou=ServiceAccounts,dc=ad,dc=example,dc=edu

Example    The following commands enable LDAP authentication and add LDAP server 192.168.101.24:

ACOS(config)#authentication type ldap

ACOS(config)#ldap-server host 192.168.101.24 cn cn dn ou=UserAccount,dc=example,dc=com
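As an added illustration (not A10's own code), the following Python builds the dn string from an OU path in the nested-first order described under "Nested OUs", rejects the spaces and quotation marks the DN attribute does not support, checks the 1-60 second timeout range, and emits the ldap-server host line. The function names (build_dn, dn_is_valid, ldap_server_cmd) are this example's own.

```python
# Added example: generate and sanity-check an ACOS "ldap-server host ... cn ... dn ..." line.
# Rules encoded here come from the command reference above; the helper names are assumptions.
import re

# One RDN such as "ou=StaffElevatedAccounts" or "dc=edu": no whitespace, quotes or stray commas.
_RDN_RE = re.compile(r'^[A-Za-z][A-Za-z0-9-]*=[^\s",]+$')


def dn_is_valid(dn):
    """True if every comma-separated RDN is well formed and free of spaces/quotation marks."""
    rdns = dn.split(",")
    return bool(rdns) and all(_RDN_RE.match(rdn) for rdn in rdns)


def build_dn(ou_path, domain):
    """ou_path lists OUs from root to leaf, e.g. ["ServiceAccounts", "StaffElevatedAccounts"].
    ACOS expects the nested OU first, so the path is reversed; the DNS domain becomes dc= parts."""
    rdns = ["ou=%s" % ou for ou in reversed(ou_path)]
    rdns += ["dc=%s" % label for label in domain.split(".")]
    dn = ",".join(rdns)
    if not dn_is_valid(dn):
        raise ValueError("DN contains spaces, quotation marks or a malformed RDN: %r" % dn)
    return dn


def ldap_server_cmd(host, cn, ou_path, domain, port=None, ssl=False, timeout=None):
    """Return the configuration-mode command line for this LDAP server."""
    parts = ["ldap-server host", host, "cn", cn, "dn", build_dn(ou_path, domain)]
    if port is not None:
        if not 1 <= port <= 65535:
            raise ValueError("port must be 1-65535 (default is 389 when omitted)")
        parts += ["port", str(port)]
    if ssl:
        parts.append("ssl")
    if timeout is not None:
        if not 1 <= timeout <= 60:  # documented range for the timeout keyword
            raise ValueError("timeout must be 1-60 seconds")
        parts += ["timeout", str(timeout)]
    return " ".join(parts)


if __name__ == "__main__":
    # Reproduces the nested-OU example and the 192.168.101.24 example from the reference.
    print(ldap_server_cmd("ldapserver.ad.example.edu", "cn",
                          ["ServiceAccounts", "StaffElevatedAccounts"], "ad.example.edu"))
    print(ldap_server_cmd("192.168.101.24", "cn", ["UserAccount"], "example.com"))
```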
