Directory Server Schema For Ldap Authentication; Vendor-Specific Attributes For Ldap Servers - Alcatel-Lucent OmniSwitch 6850-48 Network Configuration Manual

Software release 6
Managing Authentication Servers

Directory Server Schema for LDAP Authentication

To include LDAP authentication in the network, the directory server's object classes and attributes must be extended accordingly (the object classes and attributes referred to here are the ones used to map the user account information held in the directory servers).
All LDAP-enabled directory servers require an entry of the auxiliary objectClass passwordObject, which holds the user's password policy information.
A second auxiliary objectClass, password policy, is used by the directory server to apply a password policy to the entire server; there is only one entry of this object per directory server.
Note. Server schema extensions should be configured before the aaa ldap-server command is configured.

Vendor-Specific Attributes for LDAP Servers

The following are Vendor Specific Attributes (VSAs) for Authenticated Switch Access and/or Layer 2
Authentication:
attribute                        description
bop-asa-func-priv-read-1         Read privileges for the user.
bop-asa-func-priv-read-2         Read privileges for the user.
bop-asa-func-priv-write-1        Write privileges for the user.
bop-asa-func-priv-write-2        Write privileges for the user.
bop-asa-allowed-access           Whether the user has access to configure the switch.
bop-asa-snmp-level-security      Whether the user may have SNMP access, and the type of SNMP protocol used.
bop-shakey                       A key computed from the user password with the alp2key tool.
bop-md5key                       A key computed from the user password with the alp2key tool.
allowedtime                      The periods of time the user is allowed to log into the switch.
switchgroups                     The VLAN ID and protocol (IP_E2, IP_SNAP, IPX_E2, IPX_NOV, IPX_LLC, IPX_SNAP).

Configuring Functional Privileges on the Server

Configuring the functional privilege attributes (bop-asa-func-priv-read-1, bop-asa-func-priv-read-2,
bop-asa-func-priv-write-1, bop-asa-func-priv-write-2) requires using read and write bitmasks for
command families on the switch.
1 To display the functional bitmasks of the desired command families, use the show aaa hic command.
2 On the LDAP server, configure the functional privilege attributes with the bitmask values.
For more information about configuring users on the switch, see the Switch Security chapter of the
OmniSwitch AOS Release 6 Switch Management Guide.

OmniSwitch AOS Release 6 Network Configuration Guide    September 2009    LDAP Servers    page 35-23
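As an added example of step 2 above (this is not code from the OmniSwitch manual or from Alcatel-Lucent), the following Python script turns a list of command families into the bop-asa-func-priv-read-1/-2 and bop-asa-func-priv-write-1/-2 values for a user entry and emits them as an LDIF modify. Everything beyond the attribute names is an assumption: that each -1/-2 pair is a 32-bit mask, -1 carrying the first 32 family bits and -2 the next 32, that the switch accepts the values in hexadecimal, and the family-to-bit table itself, which is a hypothetical placeholder; take the real bit positions from the bitmask display on the switch. The decode function is there so you can check a mask against the intended families before committing it to the directory, since a wrong bit silently grants or denies a whole command family.

```python
# Added example, not from the OmniSwitch manual: build bop-asa-func-priv-* masks
# for an LDAP user entry and emit them as LDIF.
# ASSUMPTIONS (not stated by the manual): the -1 attribute is a 32-bit mask for
# command-family bits 0-31, the -2 attribute for bits 32-63, values are given
# in hexadecimal, and the family->bit table below is hypothetical.

FAMILY_BIT = {            # hypothetical bit positions, not the real AOS table
    "system": 0,
    "ip": 5,
    "vlan": 9,
    "aaa": 33,
    "snmp": 40,
}

PRIV_ATTRS = (
    "bop-asa-func-priv-read-1",
    "bop-asa-func-priv-read-2",
    "bop-asa-func-priv-write-1",
    "bop-asa-func-priv-write-2",
)


def build_masks(families):
    """Return (mask1, mask2) with the bit of every named family set.

    An unknown family name raises KeyError: fail closed rather than emit a
    mask that silently lacks (or gains) a privilege.
    """
    mask1 = mask2 = 0
    for fam in families:
        bit = FAMILY_BIT[fam]
        if bit < 32:
            mask1 |= 1 << bit
        else:
            mask2 |= 1 << (bit - 32)
    return mask1, mask2


def fmt(mask):
    """Render a 32-bit mask as 0x-prefixed, zero-padded hex (assumed format)."""
    return "0x%08X" % (mask & 0xFFFFFFFF)


def families_in(mask1, mask2):
    """Decode a mask pair back to family names, lowest bit first.

    Use this to verify a value read back from the directory before trusting it.
    """
    found = []
    for fam, bit in sorted(FAMILY_BIT.items(), key=lambda kv: kv[1]):
        mask, b = (mask1, bit) if bit < 32 else (mask2, bit - 32)
        if (mask >> b) & 1:
            found.append(fam)
    return found


def ldif_for_user(dn, read, write):
    """LDIF 'modify' that replaces the four privilege attributes on the entry.

    read/write are lists of family names; read privileges normally include
    the write ones, but that is left to the caller (it is a policy decision).
    """
    r1, r2 = build_masks(read)
    w1, w2 = build_masks(write)
    lines = [f"dn: {dn}", "changetype: modify"]
    for attr, val in zip(PRIV_ATTRS, (r1, r2, w1, w2)):
        lines += [f"replace: {attr}", f"{attr}: {fmt(val)}", "-"]
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    # Constructed sample: a user who may read everything in the table but
    # only write VLAN configuration. The DN is a placeholder.
    print(ldif_for_user("uid=netops1,ou=people,dc=example,dc=com",
                        read=["system", "ip", "vlan", "aaa", "snmp"],
                        write=["vlan"]))
```

Feed the output to ldapmodify against the directory that the switch points at, then read the entry back and run the masks through families_in to confirm the set of families is exactly what you intended.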
