Configuring AAA Authorization on LDAP Servers
switch(config)#
Enters global configuration mode.
Step 2
switch(config)# ldap-server deadtime 5
Configures the global dead-time interval. The default value is 0 minutes. The range is from 1 to 60 minutes.
Step 3
switch(config)# exit
switch#
Exits configuration mode.
Step 4
switch# show ldap-server
(Optional) Displays the LDAP server configuration.
Step 5
switch# copy running-config startup-config
(Optional) Copies the running configuration to the startup configuration.
Configuring AAA Authorization on LDAP Servers
You can configure the default AAA authorization method for LDAP servers.
To configure the AAA authorization on LDAP servers, follow these steps:
Procedure
Step 1
switch# configure terminal
switch(config)#
Enters global configuration mode.
Step 2
switch(config)# aaa authorization ssh-certificate default group LDAPServer1 LDAPServer2
Configures the default AAA authorization method for the LDAP servers.
The ssh-certificate keyword configures LDAP or local authorization with certificate authentication, and the
ssh-publickey keyword configures LDAP or local authorization with the SSH public key. The default
authorization is local authorization, which is the list of authorized commands for the user's assigned role.
The group-list argument consists of a space-delimited list of LDAP server group names. Servers that belong
to this group are contacted for AAA authorization. The local method uses the local database for authorization.
Step 3
switch(config)# exit
switch#
Exits configuration mode.
Step 4
switch# show aaa authorization
(Optional) Displays the AAA authorization configuration. The all keyword displays the default values.
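The following Python audit is an added example, not part of the Cisco guide. It checks a saved running configuration for the settings described above: every server group named in an aaa authorization ssh-certificate or ssh-publickey line must be defined, and the dead-time must fall in the 1 to 60 minute range. It assumes groups are defined with aaa group server ldap lines; the sample configuration is constructed, and audit() is a hypothetical helper name.

```python
import re

# Constructed running-config excerpt (not taken from a real switch).
SAMPLE_CONFIG = """\
ldap-server deadtime 5
aaa group server ldap LDAPServer1
aaa authorization ssh-certificate default group LDAPServer1 LDAPServer2
aaa authorization ssh-publickey default local
"""

# Assumption: LDAP server groups appear as "aaa group server ldap <name>".
GROUP_RE = re.compile(r"^aaa group server ldap (\S+)$")
DEADTIME_RE = re.compile(r"^ldap-server deadtime (\d+)$")
AUTHZ_RE = re.compile(
    r"^aaa authorization (ssh-certificate|ssh-publickey) default (.+)$")


def audit(config):
    """Return a list of findings for the LDAP authorization settings."""
    defined, methods, findings = set(), {}, []
    for raw in config.splitlines():
        line = raw.strip()
        if m := GROUP_RE.match(line):
            defined.add(m.group(1))
        elif m := DEADTIME_RE.match(line):
            minutes = int(m.group(1))
            if not 1 <= minutes <= 60:
                findings.append(f"deadtime {minutes} outside 1-60 minutes")
        elif m := AUTHZ_RE.match(line):
            methods[m.group(1)] = m.group(2).split()
    # Groups are checked after the full pass, so definition order is irrelevant.
    for keyword in ("ssh-certificate", "ssh-publickey"):
        tokens = methods.get(keyword)
        if tokens is None:
            findings.append(f"{keyword}: not configured, local authorization applies")
        elif tokens[0] == "group":
            # Space-delimited group-list; "local" is a method, not a group name.
            for name in (t for t in tokens[1:] if t != "local"):
                if name not in defined:
                    findings.append(f"{keyword}: server group {name} is not defined")
        elif tokens != ["local"]:
            findings.append(f"{keyword}: unrecognized method {' '.join(tokens)}")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```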
Cisco MDS 9000 Series Security Configuration Guide, Release 8.x
Configuring Security Features on an External AAA Server