User Guide
OmniAccess SafeGuard OS Administration Guide
Chapter 6: Configuring Authentication and Role Derivation
Configuring Active Directory Servers
For networks using Active Directory (AD) for authentication, SafeGuard OS can query
the backend AD servers for user attributes. SafeGuard OS maintains a list of the AD
servers and retrieves the information from AD by domain name and by server IP address.
You can have multiple servers per domain. SafeGuard OS first searches AD by domain,
then by IP address.
To add an AD server to the system’s list, use the aaa ldap-server command in Global
Configuration mode:
aaa ldap-server domain ip [bind-dn dn] [password pwd | password-encrypted pwd]
    [base-dn base] {timeout secs} {port num} {no-ssl}
The following example configures a server:
(SafeGuardOS) #configure terminal
(SafeGuardOS) (config) #aaa ldap-server authdomain 172.58.36.17 bind-dn cn=Administrator,c=Users,dc=Alcatel-Lucent,dc=com password m00nllght base-dn dc=Alcatel-Lucent,dc=com
(SafeGuardOS) (config) #exit
(SafeGuardOS) #
To remove an AD server, use the no version of the command. For example:
(SafeGuardOS) (config) #no aaa ldap-server authdomain 172.58.36.17
Syntax Description

domain    Specifies the domain for the LDAP server. You can have multiple
          servers per domain.
ip        The IP address of the domain server.
dn        The Distinguished Name used in the LDAP bind.
pwd       The login password used for the LDAP bind.
base      Specifies the Distinguished Name used as the root of all LDAP
          searches.
secs      (Optional) Timeout, in seconds, for the backend server. The valid
          range is 1 to 60 seconds. The default is 1 second.
num       (Optional) The TCP port number.
no-ssl    (Optional) Turns off Secure Sockets Layer (SSL). No information is
          encrypted.
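The following added example is not part of the original guide or of SafeGuard OS. It parses aaa ldap-server lines using the syntax above and reports settings worth reviewing in a saved configuration: no-ssl, a password given with the password keyword, a bind as Administrator, and a timeout outside the documented range. It assumes values contain no whitespace and that password takes the cleartext form, as in the guide's example; the second sample line and its PLACEHOLDER value are constructed.

```python
VALUED = {"bind-dn", "password", "password-encrypted", "base-dn", "timeout", "port"}
FLAGS = {"no-ssl"}

def parse_ldap_server(line):
    """Return a dict for an 'aaa ldap-server' line, or None for any other line."""
    if line.lstrip().startswith("(") and "#" in line:
        line = line.split("#", 1)[1]           # drop the CLI prompt
    tokens = line.split()                      # assumption: no whitespace inside values
    if tokens[:2] != ["aaa", "ldap-server"]:   # also skips the 'no aaa ...' form
        return None
    if len(tokens) < 4:
        raise ValueError("domain and ip are required")
    entry, i = {"domain": tokens[2], "ip": tokens[3]}, 4
    while i < len(tokens):
        key = tokens[i]
        if key in FLAGS:
            entry[key], i = True, i + 1
        elif key in VALUED and i + 1 < len(tokens):
            entry[key], i = tokens[i + 1], i + 2
        else:
            raise ValueError(f"unexpected token {key!r}")
    return entry

def audit(entry):
    """List the security-relevant findings for one parsed server entry."""
    findings = []
    if entry.get("no-ssl"):
        findings.append("no-ssl: bind and search traffic is not encrypted")
    if "password" in entry:
        findings.append("password: bind password entered in cleartext")
    if entry.get("bind-dn", "").lower().startswith("cn=administrator,"):
        findings.append("bind-dn: binds as Administrator, not a dedicated lookup account")
    if "timeout" in entry and not 1 <= int(entry["timeout"]) <= 60:
        findings.append("timeout: outside the valid range of 1 to 60 seconds")
    return findings

# First line is the guide's own example; the second is constructed for illustration.
SAMPLE = [
    "(SafeGuardOS) (config) #aaa ldap-server authdomain 172.58.36.17 bind-dn "
    "cn=Administrator,c=Users,dc=Alcatel-Lucent,dc=com password m00nllght "
    "base-dn dc=Alcatel-Lucent,dc=com",
    "aaa ldap-server authdomain 192.0.2.10 bind-dn cn=svc-ldap,dc=example,dc=com "
    "password-encrypted PLACEHOLDER base-dn dc=example,dc=com timeout 90 no-ssl",
]

if __name__ == "__main__":
    for line in SAMPLE:
        entry = parse_ldap_server(line)
        print(entry["ip"], audit(entry))
```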










