LDAP provides user authentication and authorization using the Microsoft Active Directory service in conjunction with LDAP on the switch. There are two modes of operation for LDAP authentication, FIPS mode and non-FIPS mode. This section discusses LDAP authentication in non-FIPS mode.
Create a user and a group in Microsoft Active Directory with no spaces in their names. In my case I created the group name SANAdmins.
Log in with PuTTY to your SAN switch console. Default FOS v7.x credentials: User: admin, Password: password.
Perform an aaaconfig --show to check the existing configuration.
An LDAP server can be configured in two ways: via the web login on the switch or via the SSH console. Because we are already logged in at the console, we do it through the console. Add the LDAP server with aaaconfig by entering the following command (replace the X's with the IP address of your LDAP server and mikes.lan with your domain). When you are done, verify with aaaconfig --show.
aaaconfig --add XXX.XX.XXX.XXX -conf ldap -p 389 -d mikes.lan
Use the ldapcfg --maprole ldap_role_name switch_role command to map an LDAP group (the Active Directory group created above) to one of the default roles available on the switch. When done, verify with ldapcfg --show.
ldapcfg --maprole SANAdmins admin
Enable LDAP authentication by entering the following command:
aaaconfig --authspec "ldap;local"
Finally you can check the settings through the web interface. Remember that the login requires the following name convention: email@example.com
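As an added example that is not part of the original post, the following Python checker reviews the two verification steps of the procedure (aaaconfig --show and ldapcfg --show) from captured transcripts and flags anything that deviates from the intended configuration: no LDAP server, wrong domain, plain LDAP on port 389, LDAP not the primary service, no local fallback, or a group mapped to admin that is not on the approved list. The transcripts below are constructed samples, and the exact field layout of FOS output is an assumption here; adapt the regular expressions to what your switch actually prints.

```python
"""Check Brocade FOS 'aaaconfig --show' / 'ldapcfg --show' transcripts for the
LDAP settings configured in the procedure above.  The sample transcripts are
constructed for illustration; the key/value layout they use is assumed."""
import re

# Constructed sample of 'aaaconfig --show' after the procedure (assumed layout).
SAMPLE_AAACONFIG = """\
RADIUS CONFIGURATIONS
=====================
RADIUS configuration does not exist.

LDAP CONFIGURATIONS
===================
Position                 : 1
Server                   : 192.0.2.10
Port                     : 389
Domain                   : mikes.lan
Timeout(s)               : 3

Primary AAA Service: LDAP
Secondary AAA Service: Switch database
"""

# Constructed sample of 'ldapcfg --show' after the role mapping (assumed layout).
SAMPLE_LDAPCFG = """\
LDAP Role            Switch Role
---------            -----------
SANAdmins            admin
"""

KV_RE = re.compile(r"^\s*([A-Za-z()\s]+?)\s*:\s*(.*?)\s*$")


def parse_aaaconfig(text):
    """Return (ldap_servers, primary_service, secondary_service)."""
    servers, current = [], None
    primary = secondary = None
    in_ldap = False
    for line in text.splitlines():
        if line.startswith("LDAP CONFIGURATIONS"):
            in_ldap = True
            continue
        if line.startswith("RADIUS CONFIGURATIONS") or line.startswith("TACACS"):
            in_ldap = False
            continue
        m = KV_RE.match(line)
        if not m:
            continue
        key, value = m.group(1).strip(), m.group(2)
        if key == "Primary AAA Service":
            primary = value
        elif key == "Secondary AAA Service":
            secondary = value
        elif in_ldap:
            if key == "Position":          # each server block starts with Position
                current = {}
                servers.append(current)
            elif current is not None:
                current[key] = value
    return servers, primary, secondary


def parse_ldapcfg(text):
    """Return {ldap_group: switch_role} from an 'ldapcfg --show' transcript."""
    mapping = {}
    for line in text.splitlines():
        parts = line.split()
        # skip the header and the dashed separator; keep 'group role' rows only
        if len(parts) != 2 or parts[0].startswith("-") or parts[0] == "LDAP":
            continue
        mapping[parts[0]] = parts[1]
    return mapping


def check_config(aaa_text, ldapcfg_text, expected_domain, admin_groups):
    """Return a list of findings; an empty list means the config matches intent."""
    findings = []
    servers, primary, secondary = parse_aaaconfig(aaa_text)
    if not servers:
        findings.append("no LDAP server configured")
    for s in servers:
        if s.get("Domain") != expected_domain:
            findings.append(f"server {s.get('Server')} uses domain {s.get('Domain')!r}, "
                            f"expected {expected_domain!r}")
        if s.get("Port") == "389":
            findings.append(f"server {s.get('Server')} uses port 389 (plain LDAP); "
                            "credentials cross the network unprotected unless TLS is used")
    if primary != "LDAP":
        findings.append(f"primary AAA service is {primary!r}, not LDAP")
    if secondary is None or "database" not in secondary.lower():
        findings.append("no local switch-database fallback; an LDAP outage locks you out")
    for group, role in parse_ldapcfg(ldapcfg_text).items():
        if role == "admin" and group not in admin_groups:
            findings.append(f"LDAP group {group!r} is mapped to admin but is not approved")
    return findings


if __name__ == "__main__":
    for f in check_config(SAMPLE_AAACONFIG, SAMPLE_LDAPCFG, "mikes.lan", {"SANAdmins"}):
        print("FINDING:", f)
```

Run against the constructed samples the only finding is the port 389 warning, which is the one point the procedure itself does not cover; feed the checker real transcripts (for example saved from the PuTTY session) and an approved-group set to make the check part of a change review.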