Brocade Network OS NETCONF Operations Guide v4.1.1 (53-1003231-02)
Chapter 16: LDAP, page 217

FIPS compliance

To support FIPS compliance, the CA certificate of the AD server’s certificate should be installed on
the switch, and the FIPS-compliant TLS ciphers for LDAP should be used.

Client-side Active Directory server configuration

Each Brocade switch client must be individually configured to use AD servers. You can use the
NETCONF interfaces to specify the host server, authentication protocols, and other parameters. You
can configure a maximum of five AD servers on a Brocade switch for AAA service.

The parameters in Table 11 are associated with an AD server that is configured on the switch.

A maximum of five LDAP/AD servers can be configured on a Brocade switch for authentication service.

Adding an LDAP server to the client’s server list

This procedure connects the host to the LDAP server, and configures the access attributes.

To add an LDAP server and configure access attributes, perform the following steps.

1. Issue the RPC to configure the node in the urn:brocade.com:mgmt:brocade-aaa namespace.

2. Under the node, include the node.

3. Under the node, include the following leaf elements.

   a. In the element, specify the LDAP host by its IP address.

   b. In the element, specify the base domain name.

   c. Optional: In the element, specify the UDP port number (default 389).

   d. Optional: In the element, specify the amount of time in seconds to wait for the server to respond.

   e. Optional: In the element, specify the number of retries for this server connection.

The following example configures host 10.23.65.6 as the LDAP server and configures the access attributes.

TABLE 11  AD parameters

Parameter  Description
---------  -----------
hostname   IP address (v4) or fully qualified domain name of the AD server. IPv6 is supported for Windows 2008 AD server only.
port       TCP port used to connect to the AD server for authentication. The valid port range is 1024 through 65535. The default port is 389.
timeout    Time to wait for a server to respond. The range is 1 through 60 seconds. The default value is 5 seconds.
retries    Number of unsuccessful attempts to be made to connect to an AD server before quitting. The valid range is 1 through 100. The default value is 5.
basedn     Base domain name.
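A pre-flight check a switch administrator might run before issuing the RPC from the procedure above: it validates a client-side AD server list against the limits in Table 11 and the five-server maximum, then renders a minimal edit-config payload in the urn:brocade.com:mgmt:brocade-aaa namespace. This is an added example, not code from the Operations Guide; the container node name and the leaf names (taken from the Table 11 parameter names) are assumptions, since the guide's own element names did not survive on this page.

```python
"""Pre-flight check of a client-side AD/LDAP server list against Table 11.

Added example, not from the Operations Guide. Limits come from Table 11 and
the text; the container and leaf names below are ASSUMED placeholders.
"""
import xml.etree.ElementTree as ET
from dataclasses import dataclass

NAMESPACE = "urn:brocade.com:mgmt:brocade-aaa"  # namespace named in the procedure
MAX_SERVERS = 5                                  # at most five AD servers per switch
CONTAINER = "ldap-server"                        # ASSUMED placeholder node name


@dataclass
class AdServer:
    hostname: str          # IPv4 address or FQDN of the AD server
    basedn: str            # base domain name
    port: int = 389        # default 389; otherwise 1024-65535 per Table 11
    timeout: int = 5       # seconds, valid 1-60
    retries: int = 5       # valid 1-100


def validate(servers):
    """Return a list of problems; an empty list means the set is acceptable."""
    problems = []
    if len(servers) > MAX_SERVERS:
        problems.append(f"{len(servers)} servers given; the switch accepts at most {MAX_SERVERS}")
    seen = set()
    for s in servers:
        if not s.hostname or s.hostname in seen:
            problems.append(f"missing or duplicate hostname: {s.hostname!r}")
        seen.add(s.hostname)
        if not s.basedn:
            problems.append(f"{s.hostname}: basedn is required")
        # Table 11 gives 389 as the default but 1024-65535 as the valid range.
        if s.port != 389 and not 1024 <= s.port <= 65535:
            problems.append(f"{s.hostname}: port {s.port} outside 1024-65535")
        if not 1 <= s.timeout <= 60:
            problems.append(f"{s.hostname}: timeout {s.timeout}s outside 1-60")
        if not 1 <= s.retries <= 100:
            problems.append(f"{s.hostname}: retries {s.retries} outside 1-100")
    return problems


def edit_config(server):
    """Render the <config> payload for one server (leaf names are placeholders)."""
    config = ET.Element("config")
    node = ET.SubElement(config, CONTAINER, xmlns=NAMESPACE)
    for leaf in ("hostname", "basedn", "port", "timeout", "retries"):
        ET.SubElement(node, leaf).text = str(getattr(server, leaf))
    return ET.tostring(config, encoding="unicode")
```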