Table of Contents
Advertisement
Step
7.
(Optional.) Specify the user
object class.
Configuring an LDAP attribute map
Configure an LDAP attribute map to define a list of LDAP-AAA attribute mapping entries. To apply the
LDAP attribute map, specify the name of the LDAP attribute map in the LDAP scheme used for
authorization.
The LDAP attribute map feature enables the device to convert LDAP attributes obtained from an
LDAP authorization server to device-recognizable AAA attributes based on the mapping entries.
Because the device ignores unrecognized LDAP attributes, configure the mapping entries to include
important LDAP attributes that should not be ignored.
An LDAP attribute can be mapped only to one AAA attribute. Different LDAP attributes can be
mapped to the same AAA attribute.
To configure an LDAP attribute map:
Step
1.
Enter system view.
2.
Create an LDAP attribute
map and enter LDAP
attribute map view.
3.
Configure a mapping
entry.
Creating an LDAP scheme
You can configure a maximum of 16 LDAP schemes. An LDAP scheme can be used by multiple ISP
domains.
To create an LDAP scheme:
Step
1.
Enter system view.
2.
Create an LDAP scheme
and enter LDAP scheme
view.
Command
user-parameters
user-object-class
object-class-name
Command
system-view
ldap attribute-map map-name
map ldap-attribute
ldap-attribute-name [ prefix
prefix-value delimiter
delimiter-value ] aaa-attribute
{ user-group | user-profile }
Command
system-view
ldap scheme
ldap-scheme-name
52
Remarks
By default, no user object class is
specified, and the default user
object class on the LDAP server is
used.
The default user object class for
this command varies by LDAP
server model.
Remarks
N/A
By default, no LDAP attribute maps
exist.
By default, an LDAP attribute map
does not have any mapping entries.
Repeat this command to configure
multiple mapping entries.
Remarks
N/A
By default, no LDAP schemes exist.
Advertisement
Table of Contents
Troubleshooting
