Configuring Aaa Methods For Isp Domains - H3C S5830V2 Security Configuration Manual

Step
4. (Optional.) Specify the user
search scope.
5. (Optional.) Specify the
username attribute.
6. (Optional.) Specify the
username format.
7. (Optional.) Specify the user
object class.
Creating an LDAP scheme
You can configure up to 16 LDAP schemes. An LDAP scheme can be referenced by multiple ISP domains.
To create an LDAP scheme:
Step
1. Enter system view.
2. Create an LDAP scheme
and enter its view.
Specifying the LDAP authentication server
Step
1. Enter system view.
2. Enter LDAP scheme view.
3. Specify the LDAP
authentication server.
Displaying and maintaining LDAP
Execute the display command in any view.
Task
Display the configuration of LDAP schemes.

Configuring AAA methods for ISP domains

You configure AAA methods for an ISP domain by referencing configured AAA schemes in ISP domain
view. Each ISP domain has a set of system-defined AAA methods, which are local authentication, local
authorization, and local accounting. If you do not configure any AAA methods for an ISP domain, the
device uses the system-defined AAA methods for users in the domain.
Command
search-scope { all-level |
single-level }
user-parameters
user-name-attribute
{ name-attribute | cn | uid }
user-parameters
user-name-format { with-domain |
without-domain }
user-parameters user-object-class
object-class-name
Command
system-view
ldap scheme ldap-scheme-name
Command
system-view
ldap scheme ldap-scheme-name
authentication-server server-name
39
Remarks
By default, the user search scope is
all-level.
By default, the username attribute
is cn.
By default, the username format is
without-domain.
By default, no user object is
specified, and the default user
object class on the LDAP server is
used.
Remarks
N/A
By default, no LDAP scheme is defined.
Remarks
N/A
N/A
By default, no LDAP authentication
server is specified.
Command
display ldap scheme [ scheme-name ]