6. Configure the distinguished name (DN) and password (optional).
7. Configure the root DN:
8. Configure the user search attribute (optional):
9. Configure the group search attribute (optional):
10. Configure the login permissions attribute:
11. Configure the group filter attribute (optional):
12. Enable DNS server verification:
Disabling LDAPS
© Copyright Lenovo 2018
NE2552E(config)# ldap-server binddn dn "<distinguished name> "
NE2552E(config)# ldap-server binddn key "<password> "
If this is not configured, the switch will use user‐provided login credentials to
bind. A DN will then be constructed from the userʹs login credentials and then
used in the initial BIND attempt.
NE2552E(config)# ldap-server basedn <root DN name>
NE2552E(config)# ldap-server attribute username <search attribute>
If no user search attribute is specified, the default is uid.
NE2552E(config)# ldap-server attribute group <search attribute>
If no group search attribute is specified, the default is memberOf.
NE2552E(config)# ldap-server attribute login-permission <attribute>
Note: If no login permissions attribute is configured, LDAP client will not
function.
NE2552E(config)# ldap-server group-filter <filter attributes separated by comma>
Note: The group filter string must contain no whitespace.
If no group filter attribute is configured, no groups will be filtered and all groups
will be considered in any search.
NE2552E(config)# ldap-server srv
To disable LDAPS, enter:
NE2552E(config)# ldap-server security clear
NE2552E(config)# ldap-server mode legacy
For information about using LDAP in Legacy Mode, see "LDAP Authentication
and Authorization" on page
110.
Chapter 37: Secure Input/Output Module
531