Cisco MDS 9000 SAN-OS Software Release 1.0 Technical Manual

- The memberOf attribute is only supported by the Windows AD LDAP server. The
OpenLDAP server will not support the memberOf attribute.
- The memberOf configuration is only supported in NX-OS 6.2(1) and later.
Next, create an Authentication, Authorization, and Accounting (AAA) group with an appropriate
name and bind a previously created LDAP search map. As previously noted, you can use either
Description or MemberOf based on your preference. In the example shown here, s1 is used for the
Description for user authentication. If authentication is to be completed with MemberOf, then s2
can be used instead.
aaa group server ldap ldap2
  server 10.2.3.7
  ldap-search-map s1
aaa authentication login default group ldap2
The following optional configuration reverts authentication to local if the LDAP server is
unreachable:
aaa authentication login default fallback error local
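The check below is an added example, not part of the Cisco document: it reads a saved config excerpt and confirms that the login method points at an LDAP AAA group that has both a server and a bound search map, and reports whether the local fallback line is present. The function name audit_aaa_ldap and the SAMPLE_CONFIG text are assumptions; the sample is constructed from the lines shown on this page, and the parser assumes commands appear in exactly that form.

```python
import re

# Constructed sample: the AAA lines shown on this page, as one config excerpt.
SAMPLE_CONFIG = """\
aaa group server ldap ldap2
server 10.2.3.7
ldap-search-map s1
aaa authentication login default group ldap2
aaa authentication login default fallback error local
"""

def audit_aaa_ldap(config):
    """Return the parsed LDAP AAA groups, fallback state and a list of findings."""
    groups, current = {}, None      # group name -> {"servers": [...], "search_map": ...}
    login_groups, fallback_local = [], False
    for line in (raw.strip() for raw in config.splitlines()):
        if m := re.fullmatch(r"aaa group server ldap (\S+)", line):
            current = groups.setdefault(m[1], {"servers": [], "search_map": None})
        elif line.startswith("aaa "):
            current = None          # any other top-level aaa command ends the group block
            if m := re.fullmatch(r"aaa authentication login default group (.+)", line):
                login_groups = m[1].split()
            elif line == "aaa authentication login default fallback error local":
                fallback_local = True
        elif current is not None:
            if m := re.fullmatch(r"server (\S+)", line):
                current["servers"].append(m[1])
            elif m := re.fullmatch(r"ldap-search-map (\S+)", line):
                current["search_map"] = m[1]
    findings = []
    if not login_groups:
        findings.append("login authentication does not reference any AAA group")
    for name in login_groups:
        group = groups.get(name)
        if group is None:
            findings.append(f"group {name}: not defined as an LDAP group in this excerpt")
            continue
        if not group["servers"]:
            findings.append(f"group {name}: no server configured")
        if group["search_map"] is None:
            findings.append(f"group {name}: no ldap-search-map bound")
    return {"groups": groups, "login_groups": login_groups,
            "fallback_local_configured": fallback_local, "findings": findings}

if __name__ == "__main__":
    print(audit_aaa_ldap(SAMPLE_CONFIG))
```

The fallback_local_configured value only says whether the fallback line appears in the excerpt; when the fallback is active, local accounts are a login path whenever the LDAP server is unreachable, so they belong in the same review.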
Verify
Use this section in order to confirm that your configuration works properly.
To verify that LDAP authentication works from the MDS switch itself, use this test:
MDSA# test aaa group ldap2 cpam Cisco_123
user has been authenticated
MDSA#
Troubleshoot
This section provides information you can use in order to troubleshoot your configuration.
The Cisco CLI Analyzer (registered customers only) supports certain show commands. Use the
Cisco CLI Analyzer in order to view an analysis of show command output.
Some useful commands to use to troubleshoot issues are shown here:
show ldap-server
show ldap-server groups
show ldap-server statistics 10.2.3.7
show aaa authentication
MDSA# show ldap-server
timeout : 5
port : 389
deadtime : 0
total number of servers : 1
following LDAP servers are configured:
10.2.3.7:
idle time:0
test user:test