Managing Ldap Authentication Servers Using The Cli - Nortel Secure Network Access Switch 4050 User Manual

256 Chapter 6 Configuring authentication

Managing LDAP authentication servers using the CLI

You can configure additional LDAP servers for the domain, for redundancy. You
can have a maximum of three LDAP authentication servers in the configuration.
You can control the order in which the LDAP servers respond to authentication
requests.
If there is more than one LDAP server configured for the Nortel SNAS 4050
domain, the first accessible LDAP server in the list returns a reply to the query.
This stops the query, regardless of whether or not the client's credentials were
matched. If you add more than one LDAP server to the domain, for redundancy,
ensure that each listed LDAP server contains the same SSL domain client
database.
If the Nortel SNAS 4050 clients are dispersed in different LDAP server databases,
you can configure the LDAP servers as separate authentication methods, with
different authentication IDs. If you include all LDAP authentication IDs in the
authentication order, each LDAP server will be used to authenticate client groups.
To enable LDAP authentication, ensure that the authentication ID that represents
the LDAP configuration is included in the authentication order you have specified
for the Nortel SNAS 4050 domain (see
using the CLI" on page
To manage the LDAP servers used for client authentication in the domain, use the
following command:
/cfg/domain 1/aaa/auth #/ldap/servers
The LDAP servers menu displays.
The LDAP servers menu includes the following options:
/cfg/domain 1/aaa/auth #/ldap/servers
followed by:
list
320818-A
"Specifying authentication fallback order
267).
Lists the IP address and port of currently configured
LDAP servers, by index number.