Configuring LDAP Authentication on the Switch
1. Turn LDAP authentication on, then configure the Primary and Secondary LDAP
   servers.

   CN 4093(config)# ldap-server enable
   CN 4093(config)# ldap-server primary-host 10.10.1.1
   CN 4093(config)# ldap-server secondary-host 10.10.1.2

2. Configure the domain name.

   CN 4093(config)# ldap-server domain <ou=people,dc=my-domain,dc=com>

3. If desired, you may change the default TCP port number used to listen to LDAP.
   The well-known port for LDAP is 389.

   CN 4093(config)# ldap-server port <1-65000>

4. Configure the number of retry attempts for contacting the LDAP server and the
   timeout period.

   CN 4093(config)# ldap-server retransmit 3 (number of server retries)
   CN 4093(config)# ldap-server timeout 10 (enter the timeout period in seconds)

5. You may change the default LDAP attribute (uid) or add a custom attribute. For
   instance, Microsoft's Active Directory requires the cn (common name) attribute.

   CN 4093(config)# ldap-server attribute username <1-128 alpha-numeric characters>

© Copyright Lenovo 2017
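
An added example, not taken from the Lenovo guide: a Python check that reads the ldap-server lines of a saved configuration and reports settings outside what the five steps above describe. It assumes saved lines have the same form as the commands shown, that hosts are given as IP addresses, and that an unset port means 389; `parse_ldap`, `audit_ldap` and the sample values are hypothetical names and constructed data.

```python
import ipaddress
import re

# Constructed sample: the page's commands with the placeholders filled in.
SAMPLE_CONFIG = """\
ldap-server enable
ldap-server primary-host 10.10.1.1
ldap-server secondary-host 10.10.1.2
ldap-server domain ou=people,dc=my-domain,dc=com
ldap-server port 389
ldap-server retransmit 3
ldap-server timeout 10
ldap-server attribute username cn
"""
DN_RE = re.compile(r"^[A-Za-z]+=[^,=]+(,[A-Za-z]+=[^,=]+)*$")  # key=value,key=value

def parse_ldap(config):
    """Collect 'ldap-server <key> <value>' lines; a 'prompt# ' prefix is tolerated."""
    settings = {}
    for line in config.splitlines():
        words = line.split("#", 1)[-1].split()
        if len(words) < 2 or words[0] != "ldap-server":
            continue
        if words[1] == "attribute" and len(words) >= 3:
            settings["attribute " + words[2]] = " ".join(words[3:])
        else:
            settings[words[1]] = " ".join(words[2:])
    return settings

def audit_ldap(config):
    """Return a list of findings; an empty list means every check passed."""
    s = parse_ldap(config)
    findings = []
    if "enable" not in s:
        findings.append("LDAP authentication is not enabled")
    for role in ("primary-host", "secondary-host"):  # step 1 configures both
        try:
            ipaddress.ip_address(s.get(role, ""))  # assumption: hosts are IPs
        except ValueError:
            findings.append(f"{role} missing or not an IP address")
    if not DN_RE.match(s.get("domain", "")):
        findings.append("domain missing or not a comma-separated DN")
    port = s.get("port", "389")  # assumption: unset means the well-known port
    if not (port.isascii() and port.isdigit() and 1 <= int(port) <= 65000):
        findings.append("port outside 1-65000")
    attr = s.get("attribute username", "uid")  # uid is the default per step 5
    if not (attr.isascii() and attr.isalnum() and len(attr) <= 128):
        findings.append("username attribute must be 1-128 alphanumeric characters")
    return findings
```
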
Chapter 5: Authentication & Authorization Protocols