Configuring LDAP
Cisco Nexus 9000 Series NX-OS Security Configuration Guide, Release 9.x

Command or Action / Purpose

  Example:
    switch(config)# ldap-server host 10.10.1.1 rootDN cn=manager,dc=acme,dc=com password Ur2Gd2BH timeout 60
  Purpose: Optionally specifies the TCP port to use for LDAP messages to the server. The range is from 1 to 65535, and the default TCP port is the global value or 389 if a global value is not configured. Also specifies the timeout interval for the server. The range is from 1 to 60 seconds, and the default timeout is the global value or 5 seconds if a global value is not configured.

Step 3
  Command or Action: (Optional) show ldap-server
  Example:
    switch(config)# show ldap-server
  Purpose: Displays the LDAP server configuration.

Step 4
  Command or Action: (Optional) copy running-config startup-config
  Example:
    switch(config)# copy running-config startup-config
  Purpose: Copies the running configuration to the startup configuration.

Related Topics
  LDAP Server Configuration Process, on page 109
  Enabling or Disabling LDAP, on page 110
  Configuring LDAP Server Hosts, on page 111

Configuring LDAP Server Groups

You can specify one or more remote AAA servers to authenticate users using server groups. All members of a group must be configured to use LDAP. The servers are tried in the same order in which you configure them.

You can configure these server groups at any time, but they take effect only when you apply them to an AAA service.

Before you begin
Enable LDAP.

SUMMARY STEPS
1. configure terminal
2. [no] aaa group server ldap group-name
3. [no] server {ipv4-address | ipv6-address | host-name}
4. (Optional) [no] authentication {bind-first [append-with-baseDN DNstring] | compare [password-attribute password]}
5. (Optional) [no] enable user-server-group
6. (Optional) [no] enable Cert-DN-match
7. (Optional) [no] use-vrf vrf-name
8. exit
9. (Optional) show ldap-server groups
10. (Optional) copy running-config startup-config
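
The following audit script is an added example, not part of the Cisco guide. It checks saved configuration text against the two rules stated above: every member of an LDAP server group must itself be configured as an LDAP server, and a group has no effect until an AAA service references it. The sample configuration, group names and addresses are constructed, and the `aaa authentication login default group` line is assumed NX-OS syntax that does not appear on this page.

```python
import re

# Constructed sample in running-config style; addresses and group names are made up.
SAMPLE_CONFIG = """\
ldap-server host 10.10.1.1 rootDN cn=manager,dc=acme,dc=com password <hidden> timeout 60
aaa group server ldap LdapGroupA
  server 10.10.1.1
  server 10.10.2.2
  use-vrf management
aaa group server ldap LdapGroupB
  server 10.10.1.1
aaa authentication login default group LdapGroupA
"""

# Assumption: AAA services reference groups as "aaa <service> ... group <names>".
AAA_USE = re.compile(r"aaa (?:authentication|authorization|accounting) .*\bgroup (.+)")

def audit_ldap_groups(config):
    """Return (hosts, groups, findings) for the LDAP server groups in config text."""
    hosts, groups, applied, current = set(), {}, set(), None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"ldap-server host (\S+)", line):
            hosts.add(m.group(1))
        if m := re.match(r"aaa group server ldap (\S+)", line):
            current = m.group(1)
            groups[current] = []      # list order = order in which servers are tried
        elif raw[:1].isspace() and current:
            if m := re.match(r"server (\S+)", line):
                groups[current].append(m.group(1))
        else:
            current = None            # any other top-level line closes the group block
            if m := AAA_USE.match(line):
                applied.update(m.group(1).split())
    findings = []
    for name, servers in groups.items():
        for srv in servers:
            if srv not in hosts:
                findings.append(f"{name}: server {srv} has no ldap-server host entry")
        if not servers:
            findings.append(f"{name}: group has no servers")
        if name not in applied:
            findings.append(f"{name}: not applied to any AAA service, so it has no effect")
    return hosts, groups, findings

if __name__ == "__main__":
    for finding in audit_ldap_groups(SAMPLE_CONFIG)[2]:
        print(finding)
```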