Setting up LDAP for FIPS mode
Set the switch authentication mode and add your LDAP server by using the commands in the example
1.
below. Provide the Fully Qualified Domain Name (FQDN) of the Active Directory server for the
hostname parameter while configuring LDAP.
Example: Setting up LDAP for FIPS mode
switch:admin> aaaconfig --add GEOFF5.ADLDAP.LOCAL -conf ldap -d
adldap.local -p 389 -t 3
switch:admin> aaaconfig --authspec "ldap;local"
switch:admin> aaaconfig –show
RADIUS CONFIGURATIONS
=====================
RADIUS configuration does not exist.
LDAP CONFIGURATIONS
===================
Position
Server
Port
Domain
Timeout(s)
Primary AAA Service: LDAP
Secondary AAA Service: Switch database
2.
Configure the DNS on the switch using the dnsConfig command.
Example: Setting the DNS
switch:admin> dnsconfig
Enter option
1 Display Domain Name Service (DNS) configuration
2 Set DNS configuration
3 Remove DNS configuration
4 Quit
Select an item: (1..4) [4] 2
Enter Domain Name: [] domain.com
Enter Name Server IP address in dot notation: [] 123.123.123.123
Enter Name Server IP address in dot notation: [] 123.123.123.124
DNS parameters saved successfully
Enter option
1 Display Domain Name Service (DNS) configuration
2 Set DNS configuration
3 Remove DNS configuration
4 Quit
Select an item: (1..4) [4] 4
Specify the DNS IP address using either IPv4 or IPv6. This is needed for the switch to resolve the
domain name to the IP address as LDAP initiates a TCP session to connect to your Microsoft Active
Directory server. A Fully Qualified Domain Name (FQDN) is needed to validate the server identity as
recorded in the common name of the server certificate.
3.
Set up LDAP according to the instructions in
page 93.
: 1
: GEOFF5.ADLDAP.LOCAL
: 389
: adldap.local
: 3
"LDAP configuration and Microsoft Active
Directory" on
Fabric OS 6.2 administrator guide 157