Alcatel-Lucent 6850-48 Network Guide

Managing Authentication Servers
LDAP Servers
OmniSwitch AOS Release 6 Network Configuration Guide
September 2009
page 35-23
Directory Server Schema for LDAP Authentication
Object classes and attributes on the directory server need to be modified to support LDAP authentication in the network (object classes and attributes are used here specifically to map the user account information held in the directory servers).
• All LDAP-enabled directory servers require an entry of the auxiliary objectClass: passwordObject, which carries the user password policy information.
• Another auxiliary objectClass, passwordPolicy, is used by the directory server to apply the password policy for the entire server. There is only one entry of this object for the database server.
Note. Server schema extensions should be configured before the aaa ldap-server command is configured.
Vendor-Specific Attributes for LDAP Servers
The following are Vendor Specific Attributes (VSAs) for Authenticated Switch Access and/or Layer 2 Authentication:

Attribute                      Description
bop-asa-func-priv-read-1       Read privileges for the user.
bop-asa-func-priv-read-2       Read privileges for the user.
bop-asa-func-priv-write-1      Write privileges for the user.
bop-asa-func-priv-write-2      Write privileges for the user.
bop-asa-allowed-access         Whether the user has access to configure the switch.
bop-asa-snmp-level-security    Whether the user may have SNMP access, and the type of SNMP protocol used.
bop-shakey                     A key computed from the user password with the alp2key tool.
bop-md5key                     A key computed from the user password with the alp2key tool.
allowedtime                    The periods of time the user is allowed to log into the switch.
switchgroups                   The VLAN ID and protocol (IP_E2, IP_SNAP, IPX_E2, IPX_NOV, IPX_LLC, IPX_SNAP).

Configuring Functional Privileges on the Server
Configuring the functional privilege attributes (bop-asa-func-priv-read-1, bop-asa-func-priv-read-2, bop-asa-func-priv-write-1, bop-asa-func-priv-write-2) requires using the read and write bitmasks for command families on the switch.
To display the functional bitmasks of the desired command families, use th
On the LDAP server, configure the functional privilege attributes with the bitmask values.
For more information about configuring users on the switch, see the Switch Security chapter of the OmniSwitch AOS Release 6 Switch Management Guide.
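An added example, not code from the guide or from Alcatel-Lucent: a short Python audit that reads user entries carrying the VSAs listed above and the functional privilege bitmasks just described, and reports accounts whose write bitmasks have any bit set, whose switch access is not enabled, or whose bitmask attributes are missing. The LDIF entries are constructed, and the value format (32-bit masks written as hex strings, TRUE/FALSE for bop-asa-allowed-access) is an assumption.

```python
BITMASK_ATTRS = ("bop-asa-func-priv-read-1", "bop-asa-func-priv-read-2",
                 "bop-asa-func-priv-write-1", "bop-asa-func-priv-write-2")

# Constructed sample entries (not real accounts); hex 32-bit masks and TRUE/FALSE are an assumed value format.
SAMPLE_LDIF = """\
dn: uid=netops,ou=people,dc=example,dc=com
uid: netops
bop-asa-allowed-access: TRUE
bop-asa-func-priv-read-1: 0xFFFFFFFF
bop-asa-func-priv-read-2: 0xFFFFFFFF
bop-asa-func-priv-write-1: 0x00000000
bop-asa-func-priv-write-2: 0x00000000

dn: uid=admin2,ou=people,dc=example,dc=com
uid: admin2
bop-asa-allowed-access: TRUE
bop-asa-func-priv-read-1: 0xFFFFFFFF
bop-asa-func-priv-read-2: 0xFFFFFFFF
bop-asa-func-priv-write-1: 0xFFFFFFFF
bop-asa-func-priv-write-2: 0x00000001

dn: uid=contractor,ou=people,dc=example,dc=com
uid: contractor
bop-asa-allowed-access: FALSE
bop-asa-func-priv-read-1: 0x0000000F
"""

def parse_ldif(text):
    """Tiny LDIF reader: blank lines separate entries; attribute names are lower-cased."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for key, _, val in (line.partition(":") for line in block.splitlines()):
            entry.setdefault(key.strip().lower(), []).append(val.strip())
        entries.append(entry)
    return entries

def audit(entries):
    """Map uid -> findings: access disabled, mask attributes missing, any write bit set."""
    report = {}
    for e in entries:
        issues = []
        if e.get("bop-asa-allowed-access", [""])[0].upper() != "TRUE":
            issues.append("switch access not enabled")
        if missing := [a for a in BITMASK_ATTRS if a not in e]:
            issues.append("missing " + ", ".join(missing))
        masks = {a[-1]: int(e[a][0], 16) for a in BITMASK_ATTRS[2:] if a in e}
        if any(masks.values()):
            issues.append("write privileges " + " ".join(f"{k}={v:#010x}" for k, v in masks.items()))
        report[e["uid"][0]] = issues
    return report
```

Run `audit(parse_ldif(SAMPLE_LDIF))` to get a per-user list of findings; an empty list means a read-only, fully populated account.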