Configuring LDAP Authentication on the Switch
1. Turn LDAP authentication on, then configure the Primary and Secondary LDAP servers.
NE2552E(config)# ldap-server enable
NE2552E(config)# ldap-server primary-host 10.10.1.1
NE2552E(config)# ldap-server secondary-host 10.10.1.2
2. Configure the domain name.
NE2552E(config)# ldap-server domain <ou=people,dc=my-domain,dc=com>
3. If desired, you may change the default TCP port number used to listen to LDAP. The well-known port for LDAP is 389.
NE2552E(config)# ldap-server port <1-65000>
4. Configure the number of retry attempts for contacting the LDAP server and the timeout period.
NE2552E(config)# ldap-server retransmit 3 (number of server retries)
NE2552E(config)# ldap-server timeout 10 (enter the timeout period in seconds)
5. You may change the default LDAP attribute (uid) or add a custom attribute. For instance, Microsoft's Active Directory requires the cn (common name) attribute.
NE2552E(config)# ldap-server attribute username <1-128 alpha-numeric characters>
© Copyright Lenovo 2018
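An added example, not part of the Lenovo guide: a Python helper that checks planned values against the limits shown in the commands above (port 1-65000, attribute of 1-128 alphanumeric characters) and renders the command lines in step order, emitting the optional port and attribute commands only when they differ from the defaults. The function name, the IPv4-only host check, the loose DN pattern and the positive-integer check on retransmit and timeout are assumptions of this example.

```python
import ipaddress
import re

PORT_RANGE = (1, 65000)                      # from "ldap-server port <1-65000>"
ATTR_RE = re.compile(r"[A-Za-z0-9]{1,128}")  # from "<1-128 alpha-numeric characters>"
# Assumption: loose attr=value[,attr=value...] shape check, not a full DN parser.
DN_RE = re.compile(r"[A-Za-z][A-Za-z0-9-]*=[^,=]+(,[A-Za-z][A-Za-z0-9-]*=[^,=]+)*")


def render_ldap_config(primary, secondary, domain, port=389,
                       retransmit=3, timeout=10, attribute="uid"):
    """Validate the values, then return the CLI lines in the order of steps 1-5."""
    errors = []
    for label, host in (("primary-host", primary), ("secondary-host", secondary)):
        try:
            ipaddress.IPv4Address(host)  # assumption: hosts are IPv4, as on the page
        except ValueError:
            errors.append(f"{label}: {host!r} is not an IPv4 address")
    if primary == secondary:
        errors.append("secondary-host duplicates primary-host, so there is no fallback")
    if not DN_RE.fullmatch(domain):
        errors.append(f"domain: {domain!r} is not a list of attr=value pairs")
    if not PORT_RANGE[0] <= port <= PORT_RANGE[1]:
        errors.append(f"port: {port} is outside {PORT_RANGE[0]}-{PORT_RANGE[1]}")
    if not ATTR_RE.fullmatch(attribute):
        errors.append(f"attribute: {attribute!r} must be 1-128 alphanumeric characters")
    if retransmit < 1 or timeout < 1:  # assumption: the page gives no range for these
        errors.append("retransmit and timeout must be positive integers")
    if errors:
        raise ValueError("; ".join(errors))

    lines = ["ldap-server enable",
             f"ldap-server primary-host {primary}",
             f"ldap-server secondary-host {secondary}",
             f"ldap-server domain {domain}"]
    if port != 389:          # step 3 is optional; 389 is the well-known port
        lines.append(f"ldap-server port {port}")
    lines += [f"ldap-server retransmit {retransmit}",
              f"ldap-server timeout {timeout}"]
    if attribute != "uid":   # step 5 is optional; uid is the default attribute
        lines.append(f"ldap-server attribute username {attribute}")
    return lines


if __name__ == "__main__":
    # Constructed sample values, using the addresses and domain shown on the page.
    for line in render_ldap_config("10.10.1.1", "10.10.1.2",
                                   "ou=people,dc=my-domain,dc=com", attribute="cn"):
        print(f"NE2552E(config)# {line}")
```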
Chapter 5: Authentication & Authorization Protocols