Configuring an LDAP Server

The following table describes the parameters that you configure for an LDAP server. LDAP (Lightweight Directory Access Protocol) is a communication protocol that provides the ability to access and maintain distributed directory information services over a network.

Table 1: LDAP Server Configuration Parameters

Host
    IP address of the LDAP server.
    Default: N/A

Admin-dn
    Distinguished name for the admin user who has read/search privileges across all the entries in the LDAP database (the user does not need write privileges, but must be able to search the database and read attributes of other users in the database).

Admin-passwd
    Password for the admin user.
    Default: N/A

Re-type admin-passwd
    Re-enter the admin password.

Allow Clear-Text
    Allows clear-text (unencrypted) communication with the LDAP server.
    Default: disabled

Auth port
    Port number used for authentication.
    Default: 389

Base-dn
    Distinguished Name of the node that contains the entire user database.
    Default: N/A

Filter
    A string used to search for users in the LDAP database. The default filter string is: (objectclass=*).
    Default: N/A

Key Attribute
    A string used to search the LDAP server. For Active Directory, the value is sAMAccountName.
    Default: sAMAccountName

Timeout
    Timeout period of an LDAP request, in seconds.
    Default: 20 seconds

Mode
    Enables or disables the server.
    Default: enabled

Preferred Connection Type
    Preferred type of connection between a managed device and the LDAP server. The default order of connection type is:
    1. clear-text
    2. ldap-s
    3. start-tls
    The managed device first attempts to contact the LDAP server using the preferred connection type, and only attempts to use a lower-priority connection type if the first attempt is not successful.
    NOTE: If you select clear-text as the preferred connection type, you must also enable the allow-cleartext option.

Maximum number of non-admin connections
    Configure the maximum number of non-admin connections to the server.
    Default: 4

Chase referral
    Chase referrals anonymously.
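The connection-type fallback and the Filter / Key Attribute lookup in Table 1 are easy to misconfigure, so here is an added example (not from the ArubaOS documentation) that models those semantics and flags the settings a reviewer would question; the config dictionary keys, the sample values and the assumption that fallback follows the default order are all mine.

```python
# Added example, not part of the ArubaOS documentation: models the Table 1
# semantics (connection-type fallback, Filter + Key Attribute lookup) and
# reports weak or inconsistent settings. Config keys are assumed names.

# Default connection-type order from Table 1. The preferred type is tried
# first; the remaining types are assumed to follow in default order.
DEFAULT_ORDER = ["clear-text", "ldap-s", "start-tls"]


def connection_order(preferred):
    """Return the order in which the managed device tries connection types."""
    if preferred not in DEFAULT_ORDER:
        raise ValueError(f"unknown connection type: {preferred}")
    return [preferred] + [t for t in DEFAULT_ORDER if t != preferred]


def escape_filter_value(value):
    """Escape a value per RFC 4515 so user input cannot alter the filter."""
    return "".join(f"\\{ord(c):02x}" if c in "\\*()\x00" else c for c in value)


def user_search_filter(username, filter_str="(objectclass=*)",
                       key_attribute="sAMAccountName"):
    """Combine the configured Filter with the Key Attribute match for a user."""
    return f"(&{filter_str}({key_attribute}={escape_filter_value(username)}))"


def audit(cfg):
    """Return findings about an LDAP server config dict (keys are assumed)."""
    findings = []
    order = connection_order(cfg.get("preferred_conn_type", "clear-text"))
    clear = cfg.get("allow_clear_text", False)
    if order[0] == "clear-text" and not clear:
        findings.append("clear-text preferred but Allow Clear-Text disabled")
    if clear:
        findings.append("Allow Clear-Text enabled: admin bind password may be sent unencrypted")
    if clear and order[0] != "clear-text":
        findings.append(f"a failed {order[0]} attempt can fall back to clear-text")
    if not cfg.get("admin_dn"):
        findings.append("no Admin-dn: searches would run as an anonymous bind")
    return findings


# Constructed sample config using the Table 1 defaults (values are made up).
SAMPLE = {"host": "192.0.2.10", "admin_dn": "cn=svc-ldap,ou=Service,dc=example,dc=com",
          "preferred_conn_type": "clear-text", "allow_clear_text": False}

if __name__ == "__main__":
    print(user_search_filter("jdoe"))
    for finding in audit(SAMPLE):
        print("finding:", finding)
```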

The following procedure describes how to configure an LDAP server:

1. In the Mobility Master node hierarchy, navigate to the Configuration > Authentication > Auth Servers tab.

2. To configure an LDAP server, click + under All Servers. Enter the Name and IP address / hostname of the server. Set the Type to Ldap and click Submit.

3. Select the name of the server you created to configure its parameters. Enter the parameters as described in Table 1. Select the Mode check box to activate the authentication server.

4. Click Submit.

5. Click Pending Changes.

6. In the Pending Changes window, select the check box and click Deploy changes. The configuration does not take effect until you perform this step.

The following CLI command configures an LDAP server:

(host) [mynode] (config) #aaa authentication-server ldap <name>

host <ipaddr>

(enter parameters as described in Table 1)

enable