Cisco MDS 9000 SAN-OS Software Release 1.0 Technical Manual

Contents
Introduction
Prerequisites
Requirements
Components Used
Configure
Verify
Troubleshoot
Related Information
Introduction
This document provides a sample configuration for basic LDAP (Lightweight Directory Access
Protocol) configuration on Multilayer Data Switches (MDS). A few commands are also listed in
order to show how to test and validate the configuration on MDS switches that run NX-OS.  
LDAP provides centralized validation of users who attempt to gain access to a Cisco MDS
device. LDAP services are maintained in a database on an LDAP daemon that typically runs on a
UNIX or Windows NT workstation. You must have access to and must configure an LDAP server
before the configured LDAP features on your Cisco MDS device are available.
LDAP provides separate authentication and authorization facilities. A single access control
server (the LDAP daemon) can provide each service, authentication and authorization,
independently. Each service can be tied to its own database in order to take
advantage of other services available on that server or on the network, depending on the
capabilities of the daemon.
The LDAP client/server protocol uses TCP (port 389) for transport. Cisco MDS
devices provide centralized authentication through LDAP.
Prerequisites
Requirements
Cisco states that the Active Directory (AD) user account should be configured and validated.
Currently, Cisco MDS supports Description and MemberOf as attribute names. Configure the user
role with these attributes in the LDAP server.
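An added example, not part of Cisco's document: a Python pre-check for the requirement above, confirming that a user's directory entry has a value in Description or MemberOf before the switch is configured. It assumes the entry has been exported as LDIF; the account, group and role value are constructed, and because this section does not give the role value format, the check only tests that an attribute is populated.

```python
import base64

# Attribute names this page lists as supported by Cisco MDS (LDAP names are case-insensitive).
SUPPORTED = ("description", "memberof")

# Constructed sample entry (hypothetical account, group and role value).
SAMPLE_LDIF = """\
# constructed sample, not taken from the page
dn: CN=mdsadmin,CN=Users,DC=example,DC=test
sAMAccountName: mdsadmin
memberOf: CN=storage-admins,OU=Groups,DC=example,
 DC=test
description:: ZXhhbXBsZS1yb2xl
"""

def parse_ldif_entry(text):
    """Parse one LDIF entry into {lowercased attribute name: [values]}."""
    unfolded = []
    for raw in text.splitlines():
        if raw.startswith(" ") and unfolded:
            unfolded[-1] += raw[1:]      # a leading space continues the previous line
        else:
            unfolded.append(raw)
    entry = {}
    for line in unfolded:
        if not line or line.startswith("#"):
            continue
        name, sep, rest = line.partition(":")
        if not sep:
            continue
        if rest.startswith(":"):         # "attr:: value" means the value is base64
            value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
        else:
            value = rest.strip()
        entry.setdefault(name.lower(), []).append(value)
    return entry

def mds_role_attributes(entry):
    """Return the supported attributes that hold at least one non-empty value."""
    found = {}
    for attr in SUPPORTED:
        values = [v for v in entry.get(attr, []) if v]
        if values:
            found[attr] = values
    return found

if __name__ == "__main__":
    usable = mds_role_attributes(parse_ldif_entry(SAMPLE_LDIF))
    print(usable or "no Description or MemberOf value: set one before configuring the switch")
```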
Components Used
The information in this document was tested on an MDS 9148 that runs NX-OS Version 6.2(7).
The same configuration should work for other MDS platforms as well as NX-OS versions. The test
LDAP server is located at 10.2.3.7.
The information in this document was created from the devices in a specific lab environment. All of
the devices used in this document started with a cleared (default) configuration. If your network is
live, make sure that you understand the potential impact of any command.