Configure an External LDAP Server

You can configure an LDAP server for user validation and to fetch user groups.

LDAP supports three modes for fetching the roles assigned to a user.
  • The role is available as an attribute in the user Distinguished Name (DN) entry. Group attribute definition is not needed.
  • The user has a "memberOf" attribute or any appropriate group DN attribute to identify the groups assigned to the user. Assign the corresponding LDAP group to a role in XCO.
  • LDAP groups have user entries in their group definitions. Assign the LDAP groups to roles in XCO.
Note

If you configure LDAP server over SSL, and use IP to connect to the server, ensure that the certificate includes the IP as part of the subject alternative names (SANs) for a successful connection.

For more information about commands and supported parameters, see ExtremeCloud Orchestrator Command Reference, 3.2.0.

  1. To configure an external LDAP server, run the following command:
    # efa auth ldapconfig add --name ldapconfig --host 10.x.x.x --bind-user-name cn=admin,dc=extrnet,dc=com --bind-user-password password --user-search-base ou=people,dc=extrnet,dc=com
    The previous example configures the bind user name and password and the DN of the node from which searches start.
  2. To configure an LDAP server in a TPVM (Ubuntu OS), run the tpvm config ldap command from the SLX-OS command line.
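As an added example (illustrative code, not part of XCO or the efa CLI), the following Python resolves a user's roles under each of the three modes listed above, and mimics the user lookup that starts at the --user-search-base DN from step 1. It runs against a constructed in-memory directory so it works offline; the xcorole attribute, the GROUP_TO_ROLE mapping and the mode names are assumptions for illustration, not XCO configuration. It also shows the two cases a practitioner should check: a group that is not assigned to any role grants nothing, and DNs are matched case-insensitively.

```python
"""Resolve roles under the three LDAP group modes against an in-memory directory."""
from typing import Dict, List, Optional, Set

Entry = Dict[str, List[str]]
Directory = Dict[str, Entry]


def normalize_dn(dn: str) -> str:
    """DNs are case-insensitive; strip spaces after commas before comparing."""
    return ",".join(part.strip() for part in dn.lower().split(","))


# Constructed sample directory (DN -> attributes). Attribute names are stored
# lowercased because LDAP attribute names are case-insensitive. "xcorole" is a
# hypothetical custom attribute that illustrates mode 1.
SAMPLE_DIRECTORY: Directory = {
    "uid=alice,ou=people,dc=extrnet,dc=com": {
        "uid": ["alice"],
        "xcorole": ["SystemAdmin"],                               # mode 1
        "memberof": ["CN=netops,OU=groups,DC=extrnet,DC=com",     # mode 2 (mixed case)
                     "cn=unmapped,ou=groups,dc=extrnet,dc=com"],  # no role assigned
    },
    "uid=bob,ou=people,dc=extrnet,dc=com": {
        "uid": ["bob"],                                           # no memberOf at all
    },
    "cn=netops,ou=groups,dc=extrnet,dc=com": {                   # mode 3: members listed
        "member": ["uid=alice,ou=people,dc=extrnet,dc=com",
                   "uid=bob,ou=people,dc=extrnet,dc=com"],
    },
    "cn=readonly,ou=groups,dc=extrnet,dc=com": {
        "member": ["uid=bob,ou=people,dc=extrnet,dc=com"],
    },
    "cn=unmapped,ou=groups,dc=extrnet,dc=com": {                 # never assigned a role
        "member": ["uid=alice,ou=people,dc=extrnet,dc=com"],
    },
}

# Hypothetical "assign LDAP group to role" table. A group absent from this
# table must not grant anything, whichever mode is in use.
GROUP_TO_ROLE: Dict[str, str] = {
    "cn=netops,ou=groups,dc=extrnet,dc=com": "NetworkOperator",
    "cn=readonly,ou=groups,dc=extrnet,dc=com": "ReadOnly",
}


def find_user_dn(directory: Directory, uid: str, search_base: str) -> Optional[str]:
    """Mimic the search rooted at --user-search-base: return the DN of the entry
    under the base whose uid matches, or None when no such user exists."""
    base = normalize_dn(search_base)
    for dn, attrs in directory.items():
        if normalize_dn(dn).endswith("," + base) and uid in attrs.get("uid", []):
            return dn
    return None


def _lookup(directory: Directory, dn: str) -> Entry:
    """Fetch an entry by DN with normalized comparison; unknown DN -> empty entry."""
    target = normalize_dn(dn)
    for candidate, attrs in directory.items():
        if normalize_dn(candidate) == target:
            return attrs
    return {}


def _map_groups(groups: List[str], group_to_role: Dict[str, str]) -> Set[str]:
    """Translate group DNs to roles, silently dropping groups with no assignment."""
    mapping = {normalize_dn(g): r for g, r in group_to_role.items()}
    return {mapping[normalize_dn(g)] for g in groups if normalize_dn(g) in mapping}


def roles_from_user_attribute(directory: Directory, user_dn: str,
                              role_attr: str = "xcorole") -> Set[str]:
    """Mode 1: the role is carried directly as an attribute of the user entry."""
    return set(_lookup(directory, user_dn).get(role_attr.lower(), []))


def roles_from_memberof(directory: Directory, user_dn: str,
                        group_to_role: Dict[str, str], group_attr: str = "memberof") -> Set[str]:
    """Mode 2: the user entry names its groups (memberOf or similar); map them to roles."""
    groups = _lookup(directory, user_dn).get(group_attr.lower(), [])
    return _map_groups(groups, group_to_role)


def roles_from_group_membership(directory: Directory, user_dn: str,
                                group_to_role: Dict[str, str], member_attr: str = "member") -> Set[str]:
    """Mode 3: group entries list their members; collect the groups naming this user."""
    target = normalize_dn(user_dn)
    groups = [dn for dn, attrs in directory.items()
              if any(normalize_dn(m) == target for m in attrs.get(member_attr.lower(), []))]
    return _map_groups(groups, group_to_role)


MODES = {
    "user-attribute": lambda d, u, g: roles_from_user_attribute(d, u),
    "memberof": roles_from_memberof,
    "group-member": roles_from_group_membership,
}


def resolve_roles(directory: Directory, user_dn: str,
                  group_to_role: Dict[str, str], mode: str) -> Set[str]:
    """Dispatch on the configured mode; an unknown mode is a configuration error."""
    if mode not in MODES:
        raise ValueError(f"unknown LDAP role mode: {mode!r}")
    return MODES[mode](directory, user_dn, group_to_role)


if __name__ == "__main__":
    alice = find_user_dn(SAMPLE_DIRECTORY, "alice", "ou=people,dc=extrnet,dc=com")
    for name in MODES:
        print(name, sorted(resolve_roles(SAMPLE_DIRECTORY, alice, GROUP_TO_ROLE, name)))
```

Note that the three modes can yield different roles for the same user (alice is SystemAdmin by attribute but only NetworkOperator by group), so the mode chosen on the XCO side should match how the directory actually models membership, and any group you expect to grant access must appear in the group-to-role assignment.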