LDAP Server Configuration
© Copyright Lenovo 2017
LDAP (Lightweight Directory Access Protocol) is an authentication protocol that
allows a remote access server to forward a user's logon password to an
authentication server to determine whether access can be allowed to a given
system.
Table 155. LDAP Server Configuration Options
Command Syntax and Usage
ldapserver mode {enhanced|legacy}
Configures the LDAP client mode.
legacy ‐ provides LDAP version 1 (LDAPv1) client functionality
enhanced ‐ provides LDAP versions 2 and 3 (LDAPv2, LDAPv3) client
functionality
The default mode is legacy.
Note: When switching between LDAP client modes, LDAP configurations
made before the change are lost.
Command mode: Global configuration
ldapserver attribute group <1‐128 characters>
Configures a customized LDAP group search attribute, where the group
membership information of the user is stored.
The default value is memberOf.
Note: This option is available only in LDAP enhanced mode.
Command mode: Global configuration
no ldapserver attribute group
Resets the LDAP group search attribute to its default value of memberOf.
Note: This option is available only in LDAP enhanced mode.
Command mode: Global configuration
ldapserver attribute loginpermission <1‐128 characters>
Configures a customized LDAP login permission attribute, where the user's or
the group's permission string is stored.
The default value is ibmchassisRole.
Note: This option is available only in LDAP enhanced mode.
Command mode: Global configuration
no ldapserver attribute loginpermission
Resets the LDAP login permission attribute to its default value of
ibmchassisRole.
Note: This option is available only in LDAP enhanced mode.
Command mode: Global configuration
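The notes above imply an ordering constraint: the attribute commands work only in enhanced mode, and a mode switch discards earlier LDAP settings. The following is an added example, not part of the original manual, that checks a planned command script against those two rules. The function name, the sample script, and the assumption that commands are applied in order, one per line, are hypothetical.

```python
import re

# Patterns cover only the commands documented on this page.
MODE_RE = re.compile(r"^ldapserver mode (enhanced|legacy)$")
ATTR_RE = re.compile(r"^(no )?ldapserver attribute (group|loginpermission)\b")
LDAP_RE = re.compile(r"^(no )?ldapserver ")


def lint_ldap_script(lines, start_mode="legacy"):
    """Return (line_no, message) findings for an ordered list of CLI commands.

    start_mode is the client mode before the script runs; the documented
    default is legacy.
    """
    findings = []
    mode = start_mode
    pending = []  # line numbers of LDAP settings made in the current mode
    for no, raw in enumerate(lines, 1):
        cmd = " ".join(raw.split())  # normalise whitespace
        m = MODE_RE.match(cmd)
        if m:
            if m.group(1) != mode:
                if pending:
                    findings.append((no, "mode switch discards LDAP settings "
                                     "from line(s) " + ", ".join(map(str, pending))))
                pending = []
                mode = m.group(1)
            continue
        if ATTR_RE.match(cmd) and mode != "enhanced":
            # Documented as available only in LDAP enhanced mode.
            findings.append((no, "attribute command requires enhanced mode"))
            continue
        if LDAP_RE.match(cmd):
            pending.append(no)
    return findings


# Constructed sample script, not taken from a real device.
SAMPLE = [
    "ldapserver attribute group memberOf",
    "ldapserver mode enhanced",
    "ldapserver attribute loginpermission ibmchassisRole",
    "ldapserver mode legacy",
]

if __name__ == "__main__":
    for line_no, message in lint_ldap_script(SAMPLE):
        print(f"line {line_no}: {message}")
```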
Chapter 4: Configuration Commands