Directory Server Schema For Ldap Authentication - OmniSwitch os6900 Network Configuration Manual

LDAP Servers

Directory Server Schema for LDAP Authentication

To include LDAP authentication in the network, the object classes and attributes on the directory server need to be modified accordingly. Object classes and attributes are used here specifically to map the user account information contained in the directory servers.

All LDAP-enabled directory servers require entry of an auxiliary objectClass: passwordObject for user password policy information.

Another auxiliary objectClass: password policy is used by the directory server to apply the password policy for the entire server. There is only one entry of this object for the database server.

Note. Server schema extensions must be configured before the aaa ldap-server command is configured.

Vendor-Specific Attributes for LDAP Servers

The following are Vendor-Specific Attributes (VSAs) for Authenticated Switch Access and/or Layer 2 Authentication:

attribute                      description
bop-asa-func-priv-read-1       Read privileges for the user.
bop-asa-func-priv-read-2       Read privileges for the user.
bop-asa-func-priv-write-1      Write privileges for the user.
bop-asa-func-priv-write-2      Write privileges for the user.
bop-asa-allowed-access         Whether the user has access to configure the switch.
bop-asa-snmp-level-security    Whether the user can have SNMP access, and the type of SNMP protocol used.
bop-shakey                     A key computed from the user password with the alp2key tool.
bop-md5key                     A key computed from the user password with the alp2key tool.
allowedtime                    The periods of time the user is allowed to log into the switch.
switchgroups                   The VLAN ID and protocol (IP_E2, IP_SNAP, IPX_E2, IPX_NOV, IPX_LLC, IPX_SNAP).

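An added example, not part of the manual: a small Python check that can be run over an LDIF export of the directory after the schema extension, to confirm that user entries carrying the VSAs listed above are consistent with this section. The function names, sample DNs and placeholder values are hypothetical, and it assumes that every user entry holding these attributes is expected to carry the passwordObject auxiliary class.

```python
import base64

# Attribute names exactly as listed in the VSA table on this page.
VSAS = set("""bop-asa-func-priv-read-1 bop-asa-func-priv-read-2 bop-asa-func-priv-write-1
bop-asa-func-priv-write-2 bop-asa-allowed-access bop-asa-snmp-level-security
bop-shakey bop-md5key allowedtime switchgroups""".split())
KEY_ATTRS = {"bop-shakey", "bop-md5key"}  # keys computed from the user password

# Constructed sample export; DNs and values are placeholders, not real data.
SAMPLE = """\
dn: uid=alice,ou=people,dc=example,dc=com
objectClass: passwordObject
bop-md5key: PLACEHOLDER

dn: uid=bob,ou=people,dc=example,dc=com
bop-asa-func-priv-raed-1: PLACEHOLDER
allowedtime:: UExBQ0VIT0xERVI=
"""

def parse_ldif(text):
    """Parse LDIF text into a list of {lowercased attr: [values]} dicts."""
    text = text.replace("\n ", "")              # unfold continuation lines
    entries = []
    for block in text.strip().split("\n\n"):    # entries are blank-line separated
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue                        # comment or malformed line
            name, _, rest = line.partition(":")
            value = rest.strip()
            if rest.startswith(":"):            # "attr:: value" is base64
                value = base64.b64decode(rest[1:]).decode("utf-8", "replace")
            entry.setdefault(name.strip().lower(), []).append(value)
        if entry:
            entries.append(entry)
    return entries

def audit(entries):
    """Return (dn, finding) pairs for entries that carry switch VSAs."""
    out = []
    for e in entries:
        dn, attrs = e.get("dn", ["?"])[0], set(e) - {"dn"}
        bop = {a for a in attrs if a.startswith("bop-")}
        if bop or attrs & VSAS:                 # only switch user entries
            if "passwordobject" not in {c.lower() for c in e.get("objectclass", [])}:
                out.append((dn, "missing objectClass passwordObject"))
            out += [(dn, "unknown attribute " + a) for a in sorted(bop - VSAS)]
            out += [(dn, a + " present, restrict read access") for a in sorted(attrs & KEY_ATTRS)]
    return out
```

The bop-shakey and bop-md5key findings are informational: because both are computed from the user password, the directory ACLs should limit who can read them.
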
OmniSwitch AOS Release 7 Network Configuration Guide
Managing Authentication Servers
June 2013
