Implementing Secure LDAP (LDAPS)

Lightweight Directory Access Protocol (LDAP) is a protocol for accessing
distributed directory information services over a network. Enterprise NOS uses
LDAP for authentication and authorization. With an LDAP client enabled, the
switch authenticates a user and determines the user's privilege level by checking
with one or more directory servers instead of a local database of users. This
saves customers from having to configure local user accounts on multiple
switches; they can maintain a centralized directory instead.

As part of the SIOM, you can implement Secure Lightweight Directory Access
Protocol (LDAPS) in addition to standard LDAP.

Enabling LDAPS

LDAPS is disabled by default. To enable LDAPS:

1. Turn LDAP authentication on:

   RS G8264(config)# ldapserver enable

2. Enable LDAP Enhanced Mode:

   RS G8264(config)# ldapserver mode enhanced

   This changes the ldapserver subcommands to support LDAPS.

3. Configure the IPv4 addresses of each LDAP server. Specify the interface port
   (optional).

   RS G8264(config)# ldapserver host {1-4} <IP address or hostname> mgta-port

4. You may change the default TCP port number used to listen to LDAPS
   (optional). The well-known port for LDAPS is 636.

   RS G8264(config)# ldapserver port <1-65000>

5. Configure the Security Mode:

   RS G8264(config)# ldapserver security {clear|ldaps|mutual|starttls}

   where:

   Parameter   Description
   clear       Cleartext Mode (no security)
   ldaps       LDAPS Mode
   mutual      Mutual authentication in Transport Layer Security (TLS)
   starttls    Secure LDAP via StartTLS without cleartext fallback

G8264 Application Guide for ENOS 8.4
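Before committing a security mode on the switch, it is worth confirming from a management host that each directory server actually completes a verified TLS session in that mode. The following Python pre-check is an added example, not code from the ENOS guide: it builds the RFC 4511 StartTLS extended request by hand for the starttls mode, opens a verified TLS session on port 636 for the ldaps and mutual modes, and refuses to continue in cleartext if StartTLS is rejected. The host name, CA file and client certificate/key paths are the caller's own assumptions.

```python
import socket
import ssl

# Added example (not from the ENOS guide): probe a directory server for the
# security mode the switch is about to be configured with. The host, CA file
# and client certificate/key paths passed in are assumptions of the caller.
LDAPS_PORT = 636                         # the switch's default LDAPS listen port
LDAP_PORT = 389                          # plain LDAP, where StartTLS is negotiated
STARTTLS_OID = b"1.3.6.1.4.1.1466.20037"  # RFC 4511 StartTLS extended operation

def starttls_request(msg_id=1):
    """BER-encode LDAPMessage{messageID, ExtendedRequest{requestName=StartTLS}}."""
    name = bytes([0x80, len(STARTTLS_OID)]) + STARTTLS_OID   # [0] requestName
    ext = bytes([0x77, len(name)]) + name                     # [APPLICATION 23]
    body = bytes([0x02, 0x01, msg_id]) + ext                  # INTEGER messageID
    return bytes([0x30, len(body)]) + body                    # SEQUENCE

def result_code(response):
    """resultCode of an LDAP ExtendedResponse (short-form BER lengths assumed)."""
    try:
        if response[0] != 0x30 or response[2] != 0x02:   # SEQUENCE { INTEGER id
            return None
        i = 4 + response[3]                    # skip SEQ header and messageID
        if response[i] != 0x78:                # [APPLICATION 24] ExtendedResponse
            return None
        if response[i + 2] != 0x0A:            # ENUMERATED resultCode
            return None
        n = response[i + 3]
        return int.from_bytes(response[i + 4:i + 4 + n], "big")
    except IndexError:
        return None                            # malformed or not an LDAPMessage

def probe(host, mode, cafile, client_cert=None):
    """True if host completes a verified TLS session in the given switch mode."""
    ctx = ssl.create_default_context(cafile=cafile)  # chain + hostname checks on
    if mode == "mutual":                      # switch presents its own certificate
        ctx.load_cert_chain(*client_cert)     # client_cert = (certfile, keyfile)
    if mode in ("ldaps", "mutual"):
        with socket.create_connection((host, LDAPS_PORT), timeout=5) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return tls.version() is not None
    if mode == "starttls":
        with socket.create_connection((host, LDAP_PORT), timeout=5) as raw:
            raw.sendall(starttls_request())
            if result_code(raw.recv(4096)) != 0:
                return False                  # refused: never fall back to cleartext
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return tls.version() is not None
    raise ValueError("clear mode has no transport security to verify")
```

A certificate that the CA file does not trust surfaces as an ssl.SSLError from probe(), which is the failure you want to see before the switch, not after.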