
LDAP Authentication and Authorization, Configuring the LDAP Server – Blade ICE RACKSWITCH G8124-E User Manual


BLADEOS 6.5.2 Application Guide

BMD00220, October 2010

Chapter 4: Authentication & Authorization Protocols 73

LDAP Authentication and Authorization

BLADEOS supports the LDAP (Lightweight Directory Access Protocol) method to authenticate
and authorize remote administrators to manage the switch. LDAP is based on a client/server model.
The switch acts as a client to the LDAP server. A remote user (the remote administrator) interacts
only with the switch, not the back-end server and database.

LDAP authentication consists of the following components:

- A protocol with a frame format that utilizes TCP over IP
- A centralized server that stores all the user authorization information
- A client: in this case, the switch

Each entry in the LDAP server is referenced by its Distinguished Name (DN). The DN consists of
the user-account name concatenated with the LDAP domain name. If the user-account name is
John, the following is an example DN:

uid=John,ou=people,dc=domain,dc=com

Configuring the LDAP Server

G8124 user groups and user accounts must reside within the same domain. On the LDAP server,
configure the domain to include G8124 user groups and user accounts, as follows:

User Accounts:

- Use the uid attribute to define each individual user account.

User Groups:

- Use the members attribute in the groupOfNames object class to create the user groups. The first
  word of the common name for each user group must be equal to the user group names defined
  in the G8124, as follows:

  - admin
  - oper
  - user
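As an added example (not code from the BLADEOS manual), the Python below resolves a login name to its G8124 role from constructed directory entries using the rules above: the uid=...,<domain> DN form, groupOfNames membership, and the first word of the group's common name. It uses the attribute name member, which is how RFC 4519 defines groupOfNames (the manual writes "members"); the base DN, the sample entries and the DN-normalization shortcut are assumptions.

```python
# Added example, not code from the BLADEOS manual: map a switch login name to the
# G8124 role (admin/oper/user) using the directory layout the manual describes.
# Entries below are constructed sample data; the base DN is an assumption.
SWITCH_ROLES = ("admin", "oper", "user")
USER_BASE = "ou=people,dc=domain,dc=com"   # assumed; matches the manual's DN example

def normalize_dn(dn):
    """Approximate DN equality: LDAP compares attribute types and uid values
    case-insensitively and ignores spaces around RDN separators."""
    return ",".join(part.strip() for part in dn.split(",")).lower()

def user_dn(uid):
    # uid=<account>,<domain>, exactly as in the manual's example DN
    return f"uid={uid},{USER_BASE}"

def switch_roles(uid, directory):
    """Return the sorted list of G8124 roles that the group entries grant to uid."""
    dn = normalize_dn(user_dn(uid))
    roles = set()
    for entry in directory:
        if "groupOfNames" not in entry.get("objectClass", []):
            continue  # only group objects of the required class count
        members = {normalize_dn(m) for m in entry.get("member", [])}
        if dn not in members:
            continue
        for cn in entry.get("cn", []):
            words = cn.split()
            # the first word of the group's common name must be admin, oper or user
            if words and words[0].lower() in SWITCH_ROLES:
                roles.add(words[0].lower())
    return sorted(roles)

DIRECTORY = [  # constructed sample entries (hypothetical)
    {"dn": "uid=John,ou=people,dc=domain,dc=com",
     "objectClass": ["inetOrgPerson"], "uid": ["John"]},
    {"dn": "uid=Alice,ou=people,dc=domain,dc=com",
     "objectClass": ["inetOrgPerson"], "uid": ["Alice"]},
    {"dn": "cn=admin switch,ou=groups,dc=domain,dc=com",
     "objectClass": ["groupOfNames"], "cn": ["admin switch"],
     "member": ["uid=Alice, ou=people, dc=domain, dc=com"]},
    {"dn": "cn=oper,ou=groups,dc=domain,dc=com",
     "objectClass": ["groupOfNames"], "cn": ["oper"],
     "member": ["uid=john,ou=people,dc=domain,dc=com"]},
    {"dn": "cn=administrators,ou=groups,dc=domain,dc=com",  # first word is not a role
     "objectClass": ["groupOfNames"], "cn": ["administrators"],
     "member": ["uid=John,ou=people,dc=domain,dc=com"]},
]
```

Calling switch_roles("John", DIRECTORY) yields ["oper"]: John's membership in "administrators" grants nothing, because only a common name whose first word is exactly admin, oper or user maps to a switch role.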
