Alcatel-Lucent 6600 Switch User Manual

Open as PDF

of 654

Managing Authentication Servers LDAP Servers

OmniSwitch 6600 Family Network Configuration Guide April 2006 page 20-21

Directory Server Schema for LDAP Authentication

Object classes and attributes will need to be modified accordingly to include LDAP authentication in the

network (object classes and attributes are used specifically here to map user account information contained

in the directory servers).

• All LDAP-enabled directory servers require entry of an auxiliary objectClass:passwordObject for user

password policy information.

• Another auxiliary objectClass: password policy is used by the directory server to apply the password

policy for the entire server. There is only one entry of this object for the database server.

Note. Server schema extensions should be configured before the aaa ldap-server command is configured.

Vendor-Specific Attributes for LDAP Servers

The following are Vendor Specific Attributes (VSAs) for Authenticated Switch Access and/or Layer 2

Authentication:

Configuring Functional Privileges on the Server

Configuring the functional privileges attributes (bop-asa-func-priv-read-1, bop-asa-func-priv-read-2,

bop-asa-func-priv-write-1, bop-asa-func-priv-write-2) requires using read and write bitmasks for

command families on the switch.

1 To display the functional bitmasks of the desired command families, use the show aaa priv hexa

command.

2 On the LDAP server, configure the functional privilege attributes with the bitmask values.

attribute description

bop-asa-func-priv-read-1 Read privileges for the user.

bop-asa-func-priv-read-2 Read privileges for the user.

bop-asa-func-priv-write-1 Write privileges for the user.

bop-asa-func-priv-write-2 Write privileges for the user.

bop-asa-allowed-access Whether the user has access to configure the

switch.

bop-asa-snmp-level-security Whether the user may have SNMP access, and the

type of SNMP protocol used.

bop-shakey A key computed from the user password with the

alp2key tool.

bop-md5key A key computed from the user password with the

alp2key tool.

allowedtime The periods of time the user is allowed to log into

the switch.

switchgroups The VLAN ID and protocol (IP_E2, IP_SNAP,

IPX_E2, IPX_NOV, IPX_LLC, IPX_SNAP).

previous next

Top Automotive Device Types

Top Automotive Brands

Top Baby Care Device Types

Top Baby Care Brands

Top Car Audio & Video Device Types

Top Car Audio & Video Brands

Top Cellphone Device Types

Top Cellphone Brands

Top Communications Device Types

Top Communications Brands

Top Computer Device Types

Top Computer Brands

Top Fitness Device Types

Top Fitness Brands

Top Home Audio Device Types

Top Home Audio Brands

Top Household Appliance Device Types

Top Household Appliance Brands

Top Kitchen Appliance Device Types

Top Kitchen Appliance Brands

Top Laundry Appliance Device Types

Top Laundry Appliance Brands

Top Lawn & Garden Device Types

Top Lawn & Garden Brands

Top Marine Equipment Device Types

Top Marine Equipment Brands

Top Musical Instrument Device Types

Top Musical Instrument Brands

Top Outdoor Cooking Device Types

Top Outdoor Cooking Brands

Top Personal Care Device Types

Top Personal Care Brands

Top Photography Device Types

Top Photography Brands

Top Portable Media Device Types

Top Portable Media Brands

Top Power Tools Device Types

Top Power Tools Brands

Top TV and Video Device Types

Top TV and Video Brands

Top Videogame Device Types

Top Videogame Brands

Alcatel-Lucent 6600 Switch User Manual