Configuring AAA Methods for ISP Domains; Configuration Prerequisites; Creating an ISP Domain - HP VSR1000 Security Configuration Manual

Virtual services router

Specifying the LDAP authentication server

| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Enter LDAP scheme view. | ldap scheme ldap-scheme-name | N/A |
| 3. Specify the LDAP authentication server. | authentication-server server-name | By default, no LDAP authentication server is specified. |

Displaying and maintaining LDAP

Execute the display command in any view.

| Task | Command |
|---|---|
| Display the configuration of LDAP schemes. | display ldap scheme [ scheme-name ] |

Configuring AAA methods for ISP domains

You configure AAA methods for an ISP domain by referencing configured AAA schemes in ISP domain
view. Each ISP domain has a set of system-defined AAA methods, which are local authentication, local
authorization, and local accounting. If you do not configure any AAA methods for an ISP domain, the
device uses the system-defined AAA methods for users in the domain.

The AAA feature handles login users only after you enable scheme authentication for these users. For
more information about the login authentication modes, see Fundamentals Configuration Guide.

Configuration prerequisites

To use local authentication for users in an ISP domain, configure local user accounts on the device first.
See "Configuring local user attributes."

To use remote authentication, authorization, and accounting, create the required RADIUS, HWTACACS,
or LDAP schemes. For more information about the scheme configuration, see "Configuring RADIUS
schemes," "Configuring HWTACACS schemes," and "Configuring LDAP schemes."

Creating an ISP domain

In a networking scenario with multiple ISPs, the device can connect to users of different ISPs. These users
can have different user attributes, such as different username and password structures, different service
types, and different rights. To manage users of different ISPs, configure ISP domains, and configure AAA
methods and domain attributes for each ISP domain as needed.

The device supports up to 16 ISP domains, including the system-defined ISP domain system. You can
specify one of the ISP domains as the default domain.

On the device, each user belongs to an ISP domain. If a user provides no ISP domain name at login, the
device considers the user belongs to the default ISP domain.

The device chooses an authentication domain for each user in the following order:
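An added example, not taken from the HP manual: a Python check over a saved configuration that flags the two defaults described in the sections above, an LDAP scheme with no authentication server and an ISP domain with no AAA methods (which therefore uses the system-defined local methods). The sample configuration is constructed, and the `domain` blocks and their `authentication ...` lines are an assumed layout that this page does not show.

```python
import re

# Constructed excerpt, not from a real device. The "domain" blocks and their
# "authentication ..." lines are an assumed layout; the page does not show them.
SAMPLE_CONFIG = """\
ldap scheme corp-ldap
 authentication-server ldap-srv1
#
ldap scheme lab-ldap
#
domain system
#
domain isp-a
 authentication default ldap-scheme corp-ldap
#
domain isp-b
 authentication default ldap-scheme lab-ldap
#
"""

def parse_blocks(config):
    """Map (kind, name) -> indented child lines for 'ldap scheme' and 'domain' blocks."""
    blocks, current = {}, None
    for line in config.splitlines():
        header = re.match(r"(ldap scheme|domain)\s+(\S+)\s*$", line)
        if header:
            current = blocks.setdefault(header.groups(), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "#" separator or an unrelated top-level line
    return blocks

def audit(config):
    """Return findings for defaults that silently decide how users are authenticated."""
    blocks = parse_blocks(config)
    no_server = {name for (kind, name), body in blocks.items() if kind == "ldap scheme"
                 and not any(ln.startswith("authentication-server ") for ln in body)}
    findings = [f"ldap scheme {n}: no authentication server specified" for n in sorted(no_server)]
    domains = {name: body for (kind, name), body in blocks.items() if kind == "domain"}
    for name, body in domains.items():
        methods = [ln for ln in body if re.match(r"(authentication|authorization|accounting)\s", ln)]
        if not methods:
            findings.append(f"domain {name}: no AAA methods, system-defined local methods apply")
        for ln in methods:
            ref = re.search(r"\bldap-scheme\s+(\S+)", ln)
            if ref and ref.group(1) in no_server:
                findings.append(f"domain {name}: uses ldap scheme {ref.group(1)} without a server")
    return findings
```

Calling `audit(SAMPLE_CONFIG)` reports the serverless scheme `lab-ldap`, the domain `system` that relies on local methods, and the domain `isp-b` that points at the serverless scheme.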
