Configure an External LDAP Server

You can configure an LDAP server for user validation and to fetch user groups.

About this task

LDAP supports three modes for fetching the roles assigned to a user.
  • The role is available as an attribute in the user Distinguished Name (DN) entry. Group attribute definition is not needed.
  • The user has a "memberOf" attribute or any appropriate group DN attribute to identify the groups assigned to the user. Assign the corresponding LDAP group to a role in EFA.
  • LDAP groups have user entries in their group definitions. Assign the LDAP groups to roles in EFA.
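The three lookup modes above, shown as an added Python illustration over constructed directory entries; this is not EFA code, and the attribute names ("role", "memberOf", "member"), role names, and group-to-role mapping are assumptions made for the example.

```python
# Added illustration: constructed entries; attribute and role names are hypothetical.
DIRECTORY = {  # DN -> attributes, as an LDAP search would return them
    "uid=alice,ou=people,dc=extrnet,dc=com": {"role": ["AdminRole"]},
    "uid=bob,ou=people,dc=extrnet,dc=com": {
        "memberOf": ["cn=netops,ou=groups,dc=extrnet,dc=com",
                     "cn=printers,ou=groups,dc=extrnet,dc=com"]},
    "uid=carol,ou=people,dc=extrnet,dc=com": {},
    "cn=netops,ou=groups,dc=extrnet,dc=com": {"member": []},
    "cn=auditors,ou=groups,dc=extrnet,dc=com": {
        "member": ["UID=Carol, OU=people, DC=extrnet, DC=com"]},
}
# Hypothetical group-to-role assignment, the step modes 2 and 3 require.
GROUP_ROLES = {
    "cn=netops,ou=groups,dc=extrnet,dc=com": "OperatorRole",
    "cn=auditors,ou=groups,dc=extrnet,dc=com": "AuditorRole",
}

def norm_dn(dn):
    """Lower-case and trim each RDN so DNs compare equal regardless of case or
    spacing. Simplified: does not handle escaped commas inside values."""
    return ",".join(part.strip().lower() for part in dn.split(","))

def from_user_attribute(user_dn, attr="role"):
    """Mode 1: the role is an attribute of the user entry itself."""
    return set(DIRECTORY[norm_dn(user_dn)].get(attr, []))

def from_member_of(user_dn, attr="memberOf"):
    """Mode 2: the user entry lists group DNs; only mapped groups yield roles."""
    groups = {norm_dn(g) for g in DIRECTORY[norm_dn(user_dn)].get(attr, [])}
    return {GROUP_ROLES[g] for g in groups if g in GROUP_ROLES}

def from_group_members(user_dn, attr="member"):
    """Mode 3: group entries list user DNs; look the user up in each mapped group."""
    target = norm_dn(user_dn)
    return {role for group, role in GROUP_ROLES.items()
            if target in {norm_dn(m) for m in DIRECTORY[group].get(attr, [])}}

MODES = {1: from_user_attribute, 2: from_member_of, 3: from_group_members}

def resolve_roles(user_dn, mode):
    """Return the user's roles under one mode; unknown users get none."""
    if norm_dn(user_dn) not in DIRECTORY:
        return set()
    return MODES[mode](user_dn)
```

A group that appears in "memberOf" but has no role assigned (the constructed "printers" group) contributes nothing, so a user whose groups are all unmapped ends up with no role.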
Note

For more information about commands and supported parameters, see Extreme Fabric Automation Command Reference, 3.1.0.

Procedure

  1. To configure an external LDAP server, run the following command.
    # efa auth ldapconfig add --name ldapconfig --host 10.x.x.x --bind-user-name cn=admin,dc=extrnet,dc=com --bind-user-password password --user-search-base ou=people,dc=extrnet,dc=com
    This example configures the bind user name and password and the DN of the node from which searches start.
  2. To configure an LDAP server in a TPVM (for the TPVM Ubuntu OS), run the tpvm config ldap command from the SLX-OS command line.