Configure an LDAP Server

Use this task to create an LDAP server with AAA Server profiles for devices configured as RADIUS servers. LDAP servers must first be created in the network policy workflow, and will then appear in the table in this window. You can clone an existing LDAP server profile and customize it using the following procedures.

  1. Select a server from the table.
    Note

    If the table is empty, you must first create an LDAP server inside of a network policy workflow.
  2. Select the clone icon.
  3. Enter a name for the cloned server.
  4. Enter an IP Address or Host Name.
  5. Enter an optional description.
  6. Enter the RADIUS user base distinguished name. This is the starting point for directory server searches, such as cn=visitors, and the point in the directory tree structure under which the server stores user accounts in its database.
    Note

    ExtremeCloud IQ supports up to 2000 users per user group. For more than 2000 users, you must separate the users into different user groups.
  7. Enter the LDAP client distinguished name used during the authentication part of an LDAP session, such as cn=users, cn=students, dc=southamerica, ou=student, and ou=school.
  8. Enter the LDAP client distinguished name password used during the authentication part of an LDAP session.
  9. Select LDAP or LDAPS for the required communication protocol.
  10. Enter any required Filter Attribute for searching for elements below the baseObject.
  11. Enable or disable removing the realm, which is commonly appended to a user name and delimited with an @ sign, from the filter.
  12. Enter the LDAP server Destination Port.
  13. Enable or disable Transport Layer Security authentication and encryption.
    If you enabled it, fill in these fields:

    CA Certificate File: Select the default certification authority digital certificate type.

    LDAP Client Certificate: Select the default LDAP client digital certificate type.

    Client Key File: Select the default client key digital certificate type.

    Key File Password: Enter the client key file password.

    Verify Server: Choose how often the Extreme Networks device checks the relationship between a certificate and its server: Try (on first authorization or authentication), Never, or Demand (as required, on demand).

  14. Select Save.
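
The following added example (not ExtremeCloud IQ code) shows how the base distinguished name, Filter Attribute, and realm-removal settings from steps 6, 10, and 11 combine into one directory search for a user. It assumes the common `(attribute=username)` filter form, which this page does not document for the product; the function names and the sample values other than cn=visitors are hypothetical.

```python
import re

# Added illustration: the (attr=value) filter form and all names here are
# assumptions, not the product's implementation.

# RFC 4515: these characters must be written as \XX inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape a string so it is treated as literal text in an LDAP filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def strip_realm(username: str) -> str:
    """Drop a realm appended with '@' (user@realm -> user)."""
    # rpartition splits on the last '@'; with no '@' the name is unchanged.
    head, sep, _realm = username.rpartition("@")
    return head if sep else username


def build_search(base_dn: str, filter_attr: str, username: str, remove_realm: bool):
    """Return (search base, filter) for looking up one RADIUS user."""
    # An attribute name is letters, digits and hyphens; reject anything else
    # so the configured attribute cannot alter the filter structure.
    if not re.fullmatch(r"[A-Za-z][A-Za-z0-9-]*", filter_attr):
        raise ValueError("filter attribute must be a plain attribute name")
    name = strip_realm(username) if remove_realm else username
    if not name:
        raise ValueError("empty user name after realm removal")
    return base_dn, f"({filter_attr}={escape_filter_value(name)})"


if __name__ == "__main__":
    # Constructed sample logins; 'uid' is a hypothetical Filter Attribute.
    for login in ("alice@example.com", "alice", "j*smith@example.com"):
        for remove in (True, False):
            base, flt = build_search("cn=visitors", "uid", login, remove)
            print(f"remove_realm={remove!s:5} base={base} filter={flt}")
```

With realm removal disabled, the directory entry must store the full `user@realm` string in the filter attribute for the lookup to match.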