LDAP Authentication and Authorization
Configuring the LDAP Server
Configuring LDAP Authentication on the Switch
1. Turn LDAP authentication on, then configure the IPv4 addresses of the Primary
2. Configure the domain name.
3. You may change the default TCP port number used to listen to LDAP (optional).
114
G8264 Application Guide for ENOS 8.4
ENOS supports the LDAP (Lightweight Directory Access Protocol) method to
authenticate and authorize remote administrators to manage the switch. LDAP is
based on a client/server model. The switch acts as a client to the LDAP server. A
remote user (the remote administrator) interacts only with the switch, not the
back‐end server and database.
LDAP authentication consists of the following components:
A protocol with a frame format that utilizes TCP over IP
A centralized server that stores all the user authorization information
A client: in this case, the switch
Each entry in the LDAP server is referenced by its Distinguished Name (DN). The
DN consists of the user‐account name concatenated with the LDAP domain name.
If the user‐account name is John, the following is an example DN:
uid=John,ou=people,dc=domain,dc=com
G8264 user groups and user accounts must reside within the same domain. On the
LDAP server, configure the domain to include G8264 user groups and user
accounts, as follows:
User Accounts:
Use the uid attribute to define each individual user account. If a custom attribute
is used to define individual users, it must also be configured on the switch.
User Groups:
Use the members attribute in the groupOfNames object class to create the user
groups. The first word of the common name for each user group must be equal
to the user group names defined in the G8264, as follows:
admin
oper
user
and Secondary LDAP servers. Specify the interface port (optional).
RS G8264(config)# ldapserver enable
RS G8264(config)# ldapserver primaryhost 10.10.1.1 mgtaport
RS G8264(config)# ldapserver secondaryhost 10.10.1.2 dataport
RS G8264(config)# ldapserver domain <ou=people,dc=my‐domain,dc=com>