Table of Contents
Advertisement
LDAP Servers
Creating an LDAP Authentication Server
An example of creating an LDAP server:
-> aaa ldap-server ldap2 host 10.10.3.4 dn cn=manager password tpub base c=us
In this example, the switch can communicate with an LDAP server (called ldap2) that has an IP address of
10.10.3.4, a domain name of cn=manager, a password of tpub, and a searchbase of c=us. These parame-
ters must match the same parameters configured on the server itself.
Note. The distinguished name must be different from the searchbase name.
Modifying an LDAP Authentication Server
To modify an LDAP authentication server, use the aaa ldap-server command with the server name; or, if
you have just entered the aaa ldap-server command to create or modify the server, you can use command
prefix recognition. For example:
-> aaa ldap-server ldap2 password my_pass
-> timeout 4
In this example, an existing LDAP server is modified with a different password, and then the timeout is
modified on a separate line. These two command lines are equivalent to:
-> aaa ldap-server ldap2 password my_pass timeout 4
Setting Up SSL for an LDAP Authentication Server
A Secure Socket Layer (SSL) can be set up on the server for additional security. When SSL is enabled, the
server identity is authenticated. The authentication requires a certificate from a Certification Authority
(CA). If the CA providing the certificate is well-known, the certificate is automatically extracted from the
Kbase.img file on the switch (certs.pem). If the CA is not well-known, the CA certificate must be
transferred to the switch through FTP to the /flash/certified or /flash/working directory and must be named
optcerts.pem. The switch merges either or both of these files into a file called ldapcerts.pem.
To set up SSL on the server, specify ssl with the aaa ldap-server command:
-> aaa ldap-server ldap2 ssl
The switch automatically sets the port number to 636 when SSL is enabled. The 636 port number is
typically used on LDAP servers for SSL. The port number on the switch must match the port number
configured on the server. If the port number on the server is different from the default, use the aaa
ldap-server command with the port keyword to configure the port number. For example, if the server port
number is 635, enter the following:
-> aaa ldap-server ldap2 port 635
The switch can now communicate with the server on port 635.
To remove SSL from the server, use no with the ssl keyword. For example:
-> aaa ldap-server ldap2 no ssl
SSL is now disabled for the server.
page 29-26
OmniSwitch AOS Release 7 Network Configuration Guide
Managing Authentication Servers
June 2013
- Quick Links:
- Configuring Vlans
Hide quick links:
Advertisement
Table of Contents
