Configure an External LDAP Server

You can configure an LDAP server for user validation and to fetch user groups.

About this task

LDAP supports three modes for fetching the roles assigned to a user.

The role is available as an attribute in the user Distinguished Name (DN) entry. Group attribute definition is not needed.
The user has a "memberOf" attribute or any appropriate group DN attribute to identify the groups assigned to the user. Assign the corresponding LDAP group to a role in EFA.
LDAP groups have user entries in their group definitions. Assign the LDAP groups to roles in EFA.

Note

For more information about commands and supported parameters, see Extreme Fabric Automation Command Reference, 3.1.0 .

Procedure

To configure an external LDAP server, run the following command.

# efa auth ldapconfig add --name ldapconfig –- host 10.x.x.x --bind-user-
name cn=admin,dc=extrnet,dc=com --bind-user-password password --user-search-
base ou=people,dc=extrnet,dc=com

This example configures the bind user name and password and the DN of the node from which searches start.

To configure an LDAP server in a TPVM (for the TPVM Ubuntu OS), run the tpvm config ldap command from the SLX-OS command line.

Switching

Routing

Wireless

Management & Automation

Analytics & Visibility

Security & Access Control

Remote

Cloud

Security

Machine Learning

Campus Fabric

Data Center Fabric

Internet of Things

Wi-Fi 6

Primary & Secondary Education (K-12)

Retail

Service Providers

Federal Government

Manufacturing

Higher Education

Healthcare

Hospitality

State & Local Government

Sports & Public Venues

Support Portal

Knowledge Base

Documentation

End of Sale

Policies & Warranties

Training & Courses

Maintenance Services

Premier Services

Professional Services

Managed Services

Configure an External LDAP Server

About this task

Procedure