LDAP is disabled by default and must be explicitly enabled. To use LDAP authentication on the router, configure one or more LDAP servers on the network.
TLS certificates and clients must also be configured. For more information about configuring TLS, see TLS.
Use the following CLI commands to configure LDAP.
CLI syntax:
config>system>security>ldap
    [no] public-key-authentication
    [no] retry
    [no] server
    [no] shutdown
    [no] timeout
    [no] use-default-template
config>system>security>password
    authentication-order [method] exit-on-reject
config>system>security>ldap
    public-key-authentication
    server server-index create
        address ip-address port port
        bind-authentication root-dn [password password] [hash | hash2 | custom]
        ldap-server server-name
        search base-dn
        tls-profile tls-profile-name
        no shutdown
    exit
    no shutdown
The following displays an LDAP authentication configuration example:
A:SwSim14>config>system>security>ldap#
----------------------------------------------
    [no] public-key-authentication
    [no] retry
    [no] server
    [no] shutdown
    [no] timeout
    [no] use-default-template
----------------------------------------------
*A:SwSim14>config>system>security>password#
----------------------------------------------
    authentication-order [local | radius | tacplus | ldap] exit-on-reject
----------------------------------------------
*A:SwSim14>config>system>security>ldap# info
----------------------------------------------
    public-key-authentication
    server 1 create
        address 10.1.1.1
        bind-authentication "cn=administrator,cn=users,dc=nacblr2,dc=example,dc=com" password
        ldap-server "active-server"
        search "dc=sns,dc=example,dc=com"
        tls-profile "server-1-profile"
        no shutdown
    exit
    no shutdown
----------------------------------------------
*A:SwSim8>config>system>security>tls# info
----------------------------------------------
    client-tls-profile "server-1-profile" create
        cipher-list "to-active-server"
        trust-anchor-profile "server-1-ca"
        no shutdown
    exit
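The following is an added example, not Nokia code: a small Python lint that parses the ldap context "info" output shown above and flags each configured server that lacks a tls-profile, stores the bind password without hash/hash2/custom, or is left shut down. The sample output, the `"<hash>" hash2` rendering of the password and the lint rules are assumptions made for this example.

```python
# Added example, not Nokia SR OS code: lint config>system>security>ldap
# "info" output. SAMPLE_INFO is constructed to match the shape on this page.
import re

SAMPLE_INFO = """\
    public-key-authentication
    server 1 create
        address 10.1.1.1
        bind-authentication "cn=admin,cn=users,dc=example,dc=com" password "<hash>" hash2
        search "dc=sns,dc=example,dc=com"
        tls-profile "server-1-profile"
        no shutdown
    exit
    server 2 create
        address 10.1.1.2
        bind-authentication "cn=admin,cn=users,dc=example,dc=com" password "plaintext"
        shutdown
    exit
    no shutdown
"""

def parse_ldap_info(text):
    """Return {server_index: {setting: value}}; 'shutdown' is a bool per server."""
    servers, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r"server (\d+) create$", line)
        if m:                      # enter a "server N create" block
            current = servers.setdefault(m.group(1), {"shutdown": True})
        elif line == "exit":       # leave the server block
            current = None
        elif current is None:      # top-level settings are not linted here
            continue
        elif line in ("shutdown", "no shutdown"):
            current["shutdown"] = line == "shutdown"
        else:                      # "keyword value..." lines
            key, _, value = line.partition(" ")
            current[key] = value
    return servers

def lint_ldap_servers(servers):
    """Flag missing TLS profile, unhashed bind password, or shut-down server."""
    findings = []
    for idx, s in sorted(servers.items()):
        if "tls-profile" not in s:
            findings.append(f"server {idx}: no tls-profile; bind DN and password would cross the network in clear")
        if "bind-authentication" in s and not re.search(r"\b(hash|hash2|custom)$", s["bind-authentication"]):
            findings.append(f"server {idx}: bind password not stored as hash/hash2/custom")
        if s["shutdown"]:
            findings.append(f"server {idx}: administratively shut down")
    return findings
```

Paste a router's own `info` output into `SAMPLE_INFO` to run the same checks against a live configuration.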