Ldap Authentication And Authorization; Configuring The Ldap Server - Lenovo Flex System Fabric CN4093 Application Manual

LDAP Authentication and Authorization

Configuring the LDAP Server

110
CN4093 Application Guide for N/OS 8.4
Enterprise NOS supports the LDAP (Lightweight Directory Access Protocol)
method to authenticate and authorize remote administrators to manage the switch.
LDAP is based on a client/server model. The switch acts as a client to the LDAP
server. A remote user (the remote administrator) interacts only with the switch, not
the back‐end server and database.
LDAP authentication consists of the following components:
A protocol with a frame format that utilizes TCP over IP

 A centralized server that stores all the user authorization information
A client, in this case, the switch

Each entry in the LDAP server is referenced by its Distinguished Name (DN). The
DN consists of the user‐account name concatenated with the LDAP domain name.
If the user‐account name is John, the following is an example DN:
uid=John,ou=people,dc=domain,dc=com
CN4093 user groups and user accounts must reside within the same domain. On
the LDAP server, configure the domain to include CN4093 user groups and user
accounts, as follows:
 User Accounts:
Use the uid attribute to define each individual user account.
 User Groups:
Use the members attribute in the groupOfNames object class to create the user
groups. The first word of the common name for each user group must be equal
to the user group names defined in the CN4093, as follows:
admin (USERID)

oper

user
