6. Configure the distinguished name (DN) and password (optional):

RS G8264(config)# ldapserver binddn dn "<distinguished name>"
RS G8264(config)# ldapserver binddn key "<password>"

If this is not configured, the switch will use user-provided login credentials to bind. A DN will then be constructed from the user's login credentials and then used in the initial BIND attempt.

7. Configure the root DN:

RS G8264(config)# ldapserver basedn <root DN name>

8. Configure the user search attribute (optional):

RS G8264(config)# ldapserver attribute username <search attribute>

If no user search attribute is specified, the default is uid.

9. Configure the group search attribute (optional):

RS G8264(config)# ldapserver attribute group <search attribute>

If no group search attribute is specified, the default is memberOf.

10. Configure the login permissions attribute:

RS G8264(config)# ldapserver attribute loginpermission <attribute>

Note: If no login permissions attribute is configured, LDAP client will not function.

11. Configure the group filter attribute (optional):

RS G8264(config)# ldapserver groupfilter <filter attributes separated by comma>

Note: The group filter string must contain no whitespace.

If no group filter attribute is configured, no groups will be filtered and all groups will be considered in any search.

12. Enable DNS server verification:

RS G8264(config)# ldapserver srv

Disabling LDAPS

To disable LDAPS, enter:

RS G8264(config)# ldapserver security clear
RS G8264(config)# ldapserver mode legacy

For information about using LDAP in Legacy Mode, see "LDAP Authentication and Authorization" on page 114.

© Copyright Lenovo 2016
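The notes in steps 6 to 12 and the "Disabling LDAPS" commands can be checked mechanically. The Python sketch below is an added example, not part of the Lenovo guide or the switch software: it audits a list of ldapserver commands against those notes. It assumes the commands are available as text exactly as entered at the CLI; the function name, the finding strings and all sample values are constructed for illustration.

```python
import shlex
# Defaults the guide states for attributes that are left unconfigured.
DEFAULTS = {"username": "uid", "group": "memberOf"}

def audit_ldapserver(config_text):
    """Return (settings, findings) for the ldapserver commands in config_text."""
    settings, findings = dict(DEFAULTS), []
    for raw in config_text.splitlines():
        _, sep, rest = raw.partition("(config)#")   # drop a CLI prompt if present
        line = (rest if sep else raw).strip()
        if not line.startswith("ldapserver "):
            continue
        args = shlex.split(line)[1:]                # honours the quoted DN/password
        if args[0] == "binddn" and len(args) == 3:
            # Record that a password is set, never the password itself.
            settings["binddn_" + args[1]] = args[2] if args[1] == "dn" else "<set>"
        elif args[0] == "basedn" and len(args) == 2:
            settings["basedn"] = args[1]
        elif args[0] == "attribute" and len(args) == 3:
            settings[args[1]] = args[2]             # username, group, loginpermission
        elif args[0] == "groupfilter":
            value = line.split("groupfilter", 1)[1].strip()
            settings["groupfilter"] = value
            if any(ch.isspace() for ch in value):
                findings.append("group filter string contains whitespace")
        elif args in (["security", "clear"], ["mode", "legacy"]):
            settings["ldaps_disabled"] = True
        elif args == ["srv"]:
            settings["srv"] = True
    if "loginpermission" not in settings:
        findings.append("no login permissions attribute: LDAP client will not function")
    if "binddn_dn" not in settings:
        findings.append("no bind DN: bind uses a DN built from the user's login credentials")
    if "groupfilter" not in settings:
        findings.append("no group filter: all groups are considered in any search")
    if settings.get("ldaps_disabled"):
        findings.append("LDAPS disabled")
    return settings, findings

# Constructed sample input; every DN, attribute value and group name is invented.
SAMPLE = '''
ldapserver binddn dn "cn=switch-bind,ou=service,dc=example,dc=com"
ldapserver binddn key "not-a-real-password"
ldapserver basedn dc=example,dc=com
ldapserver groupfilter netadmins, netops
ldapserver security clear
'''

if __name__ == "__main__": print("\n".join(audit_ldapserver(SAMPLE)[1]))
```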
Chapter 8: Secure Input/Output Module