User manual

Overview
13.1.9 ldap-server
RADIUS Configuration Commands
Use this command to configure LDAP server parameters. It uses the existing external database, in the form of
Active Directory, with the onboard RADIUS server instead of the local database on the switch.
Syntax
ldap-server [primary|secondary] (host <A.B.C.D>) (port <1-65535>)
(login <name>) (bind-dn <name>) (base-dn <name>) (passwd [0|2|WORD])
(passwd-attr) (group-attr) (group-filter) (group-membership) (net-timeout)
Parameters
primary                 Primary LDAP server configuration.
secondary               Secondary LDAP server configuration.
host <LDAP IP Address>  LDAP server IP configuration.
                        A.B.C.D – LDAP server IP address
port <number>           Enter the TCP/IP port number for the LDAP server acting as the data source.
login                   Use the following as the login:
                        (sAMAccountName=%{Stripped-User-Name:-%{User-Name}})
bind-dn                 Specifies the distinguished name to bind with the LDAP server.
base-dn                 Specifies a distinguished name that establishes the base object for the search.
                        The base object is the point in the LDAP tree at which to start searching.
passwd                  Enter a valid password for the LDAP server.
passwd-attr             Enter the password attribute used by the LDAP server for authentication.
group-attr              Specifies the group attribute used by the LDAP server.
group-filter            Specifies the group filters used by your LDAP server.
group-membership        Specifies the Group Member Attribute sent to the LDAP server when
                        authenticating users.
net-timeout             Enter a timeout the system uses to terminate the connection to the RADIUS
                        Server if no activity is detected.
Usage Guidelines
Use the login filter and group filter values, described in the example below, for all LDAP configuration
scenarios.
Use the passwd parameter to enter the password for the Active Directory user mentioned in bind-dn. This will
be used for initial login to the Active Directory.
The passwd-attr and group-membership parameters are retained as described in the example.
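
The login filter given for the login parameter takes the Stripped-User-Name attribute when it is set and falls back to User-Name otherwise. The Python sketch below is an added example, not code from the manual or the switch firmware. It models that expansion and escapes the substituted user name per RFC 4515 so that filter metacharacters in a supplied name cannot change the search. It assumes the %{Attr:-fallback} syntax behaves as in FreeRADIUS; the function names and sample user names are constructed for illustration.

```python
import re

# Login filter exactly as given for the login parameter in the manual.
LOGIN_FILTER = "(sAMAccountName=%{Stripped-User-Name:-%{User-Name}})"

# RFC 4515 section 3: characters that must be hex-escaped in a filter value.
_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}

# %{Attr} or %{Attr:-fallback}; the fallback may contain one nested %{...}.
_XLAT = re.compile(r"%\{([A-Za-z0-9-]+)(?::-((?:%\{[^{}]*\}|[^{}])*))?\}")


def escape_filter_value(value):
    """Escape a user-supplied value for safe use inside an LDAP search filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def expand(template, attrs):
    """Expand %{Attr} / %{Attr:-fallback} references from RADIUS request attributes.

    Assumption: an unset or empty attribute selects the fallback, as in FreeRADIUS.
    """
    def repl(match):
        name, fallback = match.group(1), match.group(2)
        value = attrs.get(name)
        if value:
            return escape_filter_value(value)
        if fallback is not None:
            return expand(fallback, attrs)
        return ""
    return _XLAT.sub(repl, template)


if __name__ == "__main__":
    # Constructed sample requests (hypothetical user names).
    samples = [
        {"User-Name": "CORP\\jdoe", "Stripped-User-Name": "jdoe"},
        {"User-Name": "jdoe"},
        {"User-Name": "a*(b)"},
    ]
    for attrs in samples:
        print(attrs, "->", expand(LOGIN_FILTER, attrs))
```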