Managing Authentication Servers LDAP Servers
OmniSwitch AOS Release 8 Network Configuration Guide December 2017 page 31-21
Directory Server Schema for LDAP Authentication
Object classes and attributes need to be modified accordingly to include LDAP authentication in the
network (object classes and attributes are used specifically here to map user account information contained
in the directory servers).
• All LDAP-enabled directory servers require entry of an auxiliary objectClass:passwordObject for user
password policy information.
• Another auxiliary objectClass: password policy is used by the directory server to apply the password
policy for the entire server. There is only one entry of this object for the database server.
Vendor-Specific Attributes for LDAP Servers
The following are Vendor Specific Attributes (VSAs) for Authenticated Switch Access and/or Layer 2
Authentication:
Note. Server schema extensions must be configured before the aaa ldap-server command is configured.
attribute description
bop-asa-func-priv-read-1 Read privileges for the user.
bop-asa-func-priv-read-2 Read privileges for the user.
bop-asa-func-priv-write-1 Write privileges for the user.
bop-asa-func-priv-write-2 Write privileges for the user.
bop-asa-allowed-access Whether the user has access to configure the switch.
bop-asa-snmp-level-security Whether the user can have SNMP access, and the
type of SNMP protocol used.
bop-shakey A key computed from the user password with the
alp2key tool.
bop-md5key A key computed from the user password with the
alp2key tool.
allowedtime The periods of time the user is allowed to log into the
switch.
switchgroups The VLAN ID and protocol (IP_E2, IP_SNAP,
IPX_E2, IPX_NOV, IPX_LLC, IPX_SNAP).
To Next Page
Loading...
Need help?
General
