Implementing Secure Ldap (Ldaps); Enabling Ldaps - Lenovo RackSwitch G8264 Application Manual

For lenovo enterprise network operating system 8.4

Hide thumbs Also See for RackSwitch G8264:

Table of Contents

Implementing Secure LDAP (LDAPS)

1. Turn LDAP authentication on:

2. Enable LDAP Enhanced Mode:

3. Configure the IPv4 addresses of each LDAP server. Specify the interface port

4. You may change the default TCP port number used to listen to LDAPS (optional).

5. Configure the Security Mode:

G8264 Application Guide for ENOS 8.4

Lightweight Directory Access Protocol (LDAP) is a protocol for accessing

distributed directory information services over a network. Enterprise NOS uses

LDAP for authentication and authorization. With an LDAP client enabled, the

switch will authenticate a user and determine the user's privilege level by checking

with one or more directory servers instead of a local database of users. This

prevents customers from having to configure local user accounts on multiple

switches; they can maintain a centralized directory instead.

As part of the SIOM, you can implement Secure Lightweight Directory Access

Protocol (LDAPS) in addition to standard LDAP.

LDAPS is disabled by default. To enable LDAPS:

RS G8264(config)# ldapserver enable

RS G8264(config)# ldapserver mode enhanced

This changes the ldapserver subcommands to support LDAPS.

RS G8264(config)# ldapserver host {14} <IP address or hostname> mgtaport

The well‐known port for LDAP is 636.

RS G8264(config)# ldapserver port <1‐65000>

RS G8264(config)# ldapserver security {clear|ldaps|mutual|starttls}

Cleartext Mode (no security)

Mutual authentication in Transport Layer Security (TLS)

Secure LDAP via StartTLS without cleartext fallback

Show Quick Links

Table of Contents