Alcatel-Lucent 6600 Switch User Manual
LDAP Servers Managing Authentication Servers
page 20-26 OmniSwitch 6600 Family Network Configuration Guide April 2006
Note. The distinguished name must be different from the searchbase name.
Modifying an LDAP Authentication Server
To modify an LDAP authentication server, use the aaa ldap-server command with the server name; or, if
you have just entered the aaa ldap-server command to create or modify the server, you can use command
prefix recognition. For example:
-> aaa ldap-server ldap2 password my_pass
-> timeout 4
In this example, an existing LDAP server is modified with a different password, and then the timeout is
modified on a separate line. These two command lines are equivalent to:
-> aaa ldap-server ldap2 password my_pass timeout 4
Setting Up SSL for an LDAP Authentication Server
A Secure Socket Layer (SSL) may be set up on the server for additional security. When SSL is enabled,
the server’s identity will be authenticated. The authentication requires a certificate from a Certification
Authority (CA). If the CA providing the certificate is well-known, the certificate is automatically extracted
from the Hbase.img file on the switch (certs.pem). If the CA is not well-known, the CA’s certificate must
be transferred to the switch via FTP to the /flash/certified or /flash/working directory and should be named
optcerts.pem. The switch merges either or both of these files into a file called ldapcerts.pem.
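Before transferring a CA bundle to the switch as optcerts.pem, it is worth checking that the file holds only well-formed CERTIFICATE blocks and no private key. The following Python check is an added example, not part of this manual or the switch software; the PEM body MAMCAQE= is a constructed placeholder, not a real certificate.

```python
import base64
import re

# Added example (not from the OmniSwitch manual): sanity-check a PEM bundle
# before it is uploaded to /flash/working or /flash/certified as optcerts.pem.
# The switch merges certs.pem and optcerts.pem into ldapcerts.pem, so the
# uploaded file should contain only certificates and, above all, no keys.

PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z ]+)-----\s*(.*?)\s*-----END \1-----", re.DOTALL)


def check_ca_bundle(pem_text):
    """Return (ok, problems, cert_count) for the text of a PEM bundle."""
    problems = []
    cert_count = 0
    blocks = PEM_BLOCK.findall(pem_text)
    if not blocks:
        problems.append("no PEM blocks found")
    for label, body in blocks:
        if "PRIVATE KEY" in label:
            problems.append("bundle contains a %s; never upload keys" % label)
            continue
        if label != "CERTIFICATE":
            problems.append("unexpected block type %r" % label)
            continue
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
        except ValueError:
            problems.append("certificate %d is not valid base64" % (cert_count + 1))
            continue
        # A DER-encoded X.509 certificate starts with a SEQUENCE tag (0x30).
        if not der or der[0] != 0x30:
            problems.append("certificate %d is not DER-encoded" % (cert_count + 1))
            continue
        cert_count += 1
    return (bool(blocks) and not problems and cert_count > 0), problems, cert_count


# Constructed sample inputs: the body is a tiny DER SEQUENCE, not a real cert.
GOOD_BUNDLE = "-----BEGIN CERTIFICATE-----\nMAMCAQE=\n-----END CERTIFICATE-----\n"
BAD_BUNDLE = GOOD_BUNDLE + (
    "-----BEGIN RSA PRIVATE KEY-----\nMAMCAQE=\n-----END RSA PRIVATE KEY-----\n")

if __name__ == "__main__":
    for name, text in (("good", GOOD_BUNDLE), ("bad", BAD_BUNDLE)):
        ok, problems, count = check_ca_bundle(text)
        print(name, "ok" if ok else "REJECT", count, problems)
```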
To set up SSL on the server, specify ssl with the aaa ldap-server command:
-> aaa ldap-server ldap2 ssl
The switch automatically sets the port number to 636 when SSL is enabled. The 636 port number is typically used on LDAP servers for SSL. The port number on the switch must match the port number configured on the server. If the port number on the server is different from the default, use the aaa ldap-server
command with the port keyword to configure the port number. For example, if the server port number is
635, enter the following:
-> aaa ldap-server ldap2 port 635
The switch will now be able to communicate with the server on port 635.
To remove SSL from the server, use no with the ssl keyword. For example:
-> aaa ldap-server ldap2 no ssl
SSL is now disabled for the server.
Removing an LDAP Authentication Server
To delete an LDAP server from the switch configuration, use the no form of the command with the relevant server name.
-> no aaa ldap-server topanga5
The topanga5 server is removed from the configuration.