Identity-management configuration

Ilya_Semenov
Contributor
Hello, everyone!

I want to configure Identity Management. Now it works only with the Kerberos option configured. The result is that only for 10% of ports in the stack I can see hostnames, domain name, IP and, very rarely, username.

I wanted to configure LDAP servers (I have an MSFT infrastructure) but it fails with the message (in the picture).

Could you please explain to me what I am doing wrong?

If I have MSFT forest/domain - which option should I configure - LDAP or Kerberos?

Many thanks in advance,

Ilya


Tripathy__Priya
Extreme Employee
As Ronald said, first check whether any domain has already been configured. If not, then:
You can configure different domains and add different LDAP servers for these different domains. When adding an LDAP server to identity manager, you can specify the domain under which the server is to be added.

You can configure a base-dn and a bind user for each domain.

Base-dn is assumed to be the same as the domain name unless explicitly configured otherwise.
(Base-dn is the LDAP directory under which the users are to be searched.)

For users upgrading from older configurations, the base-dn configured on an older EXOS version
now becomes the default domain name. This can be changed later if required.

For users upgrading from older configurations, the LDAP servers configured on older EXOS
versions are now servers under the default domain.

You can now add up to eight LDAP servers to each of the user-configured domains if you want.

For further reference, please find below the command lines for the same:

To add or remove LDAP server connections for retrieving identity attributes, use the following
commands:

configure {identity-management} ldap {domain } add server [ | ] {} {client-ip } {vr } {encrypted sasl digest-md5}

To configure LDAP client credentials for accessing an LDAP server, use the following command:

configure {identity-management} ldap {domain [|all]} bind-user [ {encrypted} | anonymous]

To specify a base domain name to be added to user names in LDAP queries, use the following
command:

configure {identity-management} ldap {domain [|all]} base-dn [ | none | default]

To enable or disable LDAP queries for specific network login types, use the following command:

configure {identity-management} ldap { domain [ | all ] } [enable|disable] netlogin [dot1x | mac | web-based]

Hope this helps you in sorting out this issue......
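Putting those commands together for a single Active Directory domain, as an added example that is not from this thread or from Extreme's documentation: the domain name, server and client addresses, VR name and bind account are constructed placeholders, `create ldap domain` and `show ldap domain` are the commands shown in Ronald's reply, and the bind-user argument order is assumed from the syntax line quoted above.

```text
# Constructed example: one AD domain with two domain controllers.
# Replace corp.example.com, the 10.10.1.x addresses, VR-Default and the bind account
# with your own values.

# 1. A domain must exist before servers can be added under it.
create ldap domain corp.example.com default

# 2. Add the domain controllers (up to eight servers per domain). The optional port
#    argument is left at its default. "encrypted sasl digest-md5" makes the switch bind
#    with SASL DIGEST-MD5; without it a simple bind sends the bind-user password in
#    cleartext between the switch and the domain controller.
configure ldap domain corp.example.com add server 10.10.1.10 client-ip 10.10.1.1 vr VR-Default encrypted sasl digest-md5
configure ldap domain corp.example.com add server 10.10.1.11 client-ip 10.10.1.1 vr VR-Default encrypted sasl digest-md5

# 3. Bind credentials: identity management only reads user attributes, so use a
#    dedicated read-only directory account rather than an administrative one.
configure ldap domain corp.example.com bind-user <read_only_bind_user> <password>

# 4. base-dn defaults to the domain name (corp.example.com); set it explicitly only if
#    users are searched under a different name.
configure ldap domain corp.example.com base-dn default

# 5. Verify that the domain now exists.
show ldap domain
```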

Ronald_Dvorak
Honored Contributor
Never done such config but let's try it....

Is there a LDAP domain configured...
Switch_1.1 # show ldap domain
Total domains configured: 0
Switch_1.2 #

If not create one....

Switch_1.1 # create ldap domain RON default ?
Execute the command
Switch_1.1 # create ldap domain RON default

You don't need to name it RON 🙂