H3C Technologies H3C S12500-X Series Switches User Manual

- Search scope
- Username attribute
- Username format
- User object class

If the LDAP server contains many directory levels, a user DN search starting from the root directory can take a long time. To improve efficiency, you can change the start point by specifying the search base DN.

To configure LDAP user attributes:

1. Enter system view.
   Command: system-view
   Remarks: N/A

2. Enter LDAP server view.
   Command: ldap server server-name
   Remarks: N/A

3. Specify the user search base DN.
   Command: search-base-dn base-dn
   Remarks: By default, no user search base DN is specified.

4. (Optional.) Specify the user search scope.
   Command: search-scope { all-level | single-level }
   Remarks: By default, the user search scope is all-level.

5. (Optional.) Specify the username attribute.
   Command: user-parameters user-name-attribute { name-attribute | cn | uid }
   Remarks: By default, the username attribute is cn.

6. (Optional.) Specify the username format.
   Command: user-parameters user-name-format { with-domain | without-domain }
   Remarks: By default, the username format is without-domain.

7. (Optional.) Specify the user object class.
   Command: user-parameters user-object-class object-class-name
   Remarks: By default, no user object is specified, and the default user object class on the LDAP server is used. The default user object class varies by device.
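
The four user parameters and the search base DN together decide which directory entry a login resolves to. The following Python model is an added example, not H3C code or part of the manual: the sample directory is constructed, and the filter layout, the "@" domain separator and all function names are assumptions.

```python
# Added illustration, not H3C code. The filter layout and the handling of
# the domain part are assumptions about a typical LDAP client.

# Constructed sample directory: (DN, attributes).
DIRECTORY = [
    ("uid=alice,ou=netops,ou=people,dc=example,dc=com",
     {"uid": "alice", "cn": "Alice Adams", "objectClass": "person"}),
    ("uid=bob,ou=people,dc=example,dc=com",
     {"uid": "bob", "cn": "Bob Brown", "objectClass": "person"}),
    ("uid=alice,ou=services,dc=example,dc=com",
     {"uid": "alice", "cn": "alice backup job", "objectClass": "account"}),
]

def strip_domain(login, name_format):
    """without-domain: send only the part before '@' (assumed separator)."""
    return login.split("@", 1)[0] if name_format == "without-domain" else login

def escape_filter_value(value):
    """Escape RFC 4515 special characters so a login cannot alter the filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def build_filter(login, name_attr="cn", name_format="without-domain",
                 object_class=None):
    clause = "(%s=%s)" % (name_attr,
                          escape_filter_value(strip_domain(login, name_format)))
    if object_class:
        return "(&(objectClass=%s)%s)" % (object_class, clause)
    return clause

def in_scope(entry_dn, base_dn, scope="all-level"):
    # Naive comma split: the sample DNs contain no escaped commas.
    entry = [p.strip().lower() for p in entry_dn.split(",")]
    base = [p.strip().lower() for p in base_dn.split(",")]
    if entry[-len(base):] != base:
        return False
    depth = len(entry) - len(base)
    return depth == 1 if scope == "single-level" else True

def find_user_dns(login, base_dn, scope="all-level", name_attr="cn",
                  name_format="without-domain", object_class=None):
    name = strip_domain(login, name_format).lower()
    return [dn for dn, attrs in DIRECTORY
            if in_scope(dn, base_dn, scope)
            and attrs.get(name_attr, "").lower() == name
            and (object_class is None or attrs["objectClass"] == object_class)]
```

In this sample, a search for uid alice from dc=example,dc=com with all-level scope matches two entries; setting the object class to person, or narrowing the base DN, leaves one.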

Creating an LDAP scheme

You can configure up to 16 LDAP schemes. An LDAP scheme can be referenced by multiple ISP domains.

To create an LDAP scheme:

1. Enter system view.
   Command: system-view
   Remarks: N/A

2. Create an LDAP scheme and enter its view.
   Command: ldap scheme ldap-scheme-name
   Remarks: By default, no LDAP scheme is defined.

Specifying the LDAP authentication server

1. Enter system view.
   Command: system-view
   Remarks: N/A

2. Enter LDAP scheme view.
   Command: ldap scheme ldap-scheme-name
   Remarks: N/A

3. Specify the LDAP authentication server.
   Command: authentication-server server-name
   Remarks: By default, no LDAP authentication server is specified.