Step | Command | Purpose
--- | --- | ---
Step 1 | UCSC# connect policy-mgr | Enters policy manager mode.
Step 2 | UCSC(policy-mgr)# scope org | Enters organization mode for the specified organization.
Step 3 | UCSC(policy-mgr) /org # scope device-profile | Enters device profile mode for the specified organization.
Step 4 | UCSC(policy-mgr) /org/device-profile # scope security | Enters security mode.
Step 5 | UCSC(policy-mgr) /org/device-profile/security # scope ldap | Enters security LDAP mode.
Step 6 | UCSC(policy-mgr) /org/device-profile/security/ldap # create server server-name | Creates an LDAP server instance and enters security LDAP server mode. If SSL is enabled, the server-name, typically an IP address or FQDN, must exactly match a Common Name (CN) in the LDAP server's security certificate. If you use a hostname rather than an IPv4 or IPv6 address, you must configure a DNS server. If the Cisco UCS domain is not registered with Cisco UCS Central, or DNS management is set to local, configure a DNS server in Cisco UCS Manager. If the Cisco UCS domain is registered with Cisco UCS Central and DNS management is set to global, configure a DNS server in Cisco UCS Central.
Step 7 | UCSC(policy-mgr) /org/device-profile/security/ldap/server* # set attribute attribute | (Optional) An LDAP attribute that stores the values for the user roles and locales. This property is always a name-value pair. The system queries the user record for the value that matches this attribute name. If you do not want to extend your LDAP schema, you can configure an existing, unused LDAP attribute with the Cisco UCS roles and locales. Alternatively, you can create an attribute named CiscoAVPair in the remote authentication service with the attribute ID 1.3.6.1.4.1.9.287247.1. This value is required unless a default attribute has been set on the LDAP General tab.
Step 8 | UCSC(policy-mgr) /org/device-profile/security/ldap/server* # set basedn basedn-name | The specific distinguished name in the LDAP hierarchy where the server should begin a search when a remote user logs in and the system attempts to get the user's DN based on their username. The base DN can be at most 255 characters minus the length of CN=username, where username identifies the remote user attempting to access Cisco UCS Manager using LDAP authentication. This value is required unless a default base DN has been set on the LDAP General tab.
Step 9 | UCSC(policy-mgr) /org/device-profile/security/ldap/server* # set binddn binddn-name | The distinguished name (DN) for an LDAP database account that has read and search permissions for all objects under the base DN. The maximum supported string length is 255 ASCII characters.
Step 10 | UCSC(policy-mgr) /org/device-profile/security/ldap/server* # set filter filter-value | The LDAP search is restricted to those user names that match the defined filter. This value is required unless a default filter has been set on the LDAP General tab.
Step 11 | UCSC(policy-mgr) /org/device-profile/security/ldap/server* # set password | The password for the LDAP database account specified in the Bind DN field. You can enter any standard ASCII characters except for space, § (section sign), ? (question mark), or = (equal sign). To set the password, press Enter after typing the set password command and enter the key value at the prompt.
Step 12 | UCSC(policy-mgr) /org/device-profile/security/ldap/server* # set order order-num | The order in which Cisco UCS Central uses this provider to authenticate users.
Step 13 | UCSC(policy-mgr) /org/device-profile/security/ldap/server* # set port port-num | The port through which Cisco UCS Central communicates with the LDAP database. The standard port number is 389.
Step 14 | UCSC(policy-mgr) /org/device-profile/security/ldap/server* # set ssl {yes \| no} | Enables or disables the use of encryption when communicating with the LDAP server. With yes, encryption is required, and the connection fails if encryption cannot be negotiated. With no, encryption is disabled and authentication information is sent as clear text. LDAP uses STARTTLS, which allows encrypted communication using port 389.
Step 15 | UCSC(policy-mgr) /org/device-profile/security/ldap/server* # set timeout timeout-num | The length of time in seconds the system should spend trying to contact the LDAP database before it times out. Enter an integer from 1 to 60 seconds, or enter 0 (zero) to use the global timeout value specified on the LDAP General tab. The default is 30 seconds.
Step 16 | UCSC(policy-mgr) /org/device-profile/security/ldap/server* # set vendor | Specifies the vendor for the LDAP group. Enter ms-ad to specify Microsoft Active Directory, or openldap to specify an OpenLDAP server.
Step 17 | UCSC(policy-mgr) /org/device-profile/security/ldap/server* # commit-buffer | Commits the transaction to the system configuration.
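A pre-commit check for the provider settings entered in Steps 6 through 17, as an added example that is neither Cisco code nor part of the original page. It encodes the constraints the procedure states (the CN match when SSL is enabled, the base DN and bind DN length limits, the password character rules, the timeout range, the two vendor values) and renders the command sequence so it can be reviewed before commit-buffer. The certificate CN list, the longest username expected to log in, and the sample DNs and filter are assumptions supplied by the caller.

```python
# Added example: validates an LDAP provider definition against the rules in the
# procedure above and renders the Step 1-17 command sequence. Not Cisco code.
import ipaddress
from dataclasses import dataclass

BASE_DN_LIMIT = 255            # 255 minus the length of "CN=<username>"
BIND_DN_LIMIT = 255            # ASCII characters
PASSWORD_FORBIDDEN = set(" §?=")  # space, section sign, question mark, equal sign
VENDORS = ("ms-ad", "openldap")


@dataclass
class LdapProvider:
    server_name: str           # IP address or FQDN; must match a CN when ssl is yes
    basedn: str
    binddn: str
    filter: str
    password: str
    order: int
    port: int = 389            # STARTTLS runs over 389, so ssl yes keeps the port
    ssl: bool = True
    timeout: int = 30          # 1-60 seconds, or 0 for the LDAP General tab value
    vendor: str = "ms-ad"
    attribute: str = ""        # optional, e.g. CiscoAVPair
    cert_cns: tuple = ()       # CNs read from the server certificate (assumed input)
    max_username_len: int = 20  # longest username expected to log in (assumed)


def dns_required(p: LdapProvider) -> bool:
    """True when server_name is a hostname, which the procedure says needs a DNS server."""
    try:
        ipaddress.ip_address(p.server_name)
        return False
    except ValueError:
        return True


def validate(p: LdapProvider) -> list:
    """Return the rule violations found; an empty list means the settings are consistent."""
    problems = []
    if p.ssl and p.server_name not in p.cert_cns:
        problems.append("server-name must exactly match a CN in the server certificate when ssl is yes")
    allowed = BASE_DN_LIMIT - len("CN=") - p.max_username_len
    if len(p.basedn) > allowed:
        problems.append(f"basedn longer than {allowed} characters (255 minus CN=username)")
    if len(p.binddn) > BIND_DN_LIMIT or not p.binddn.isascii():
        problems.append("binddn must be at most 255 ASCII characters")
    bad = {c for c in p.password
           if c in PASSWORD_FORBIDDEN or not c.isascii() or not c.isprintable()}
    if bad:
        problems.append(f"password contains disallowed characters: {sorted(bad)}")
    if not (p.timeout == 0 or 1 <= p.timeout <= 60):
        problems.append("timeout must be 0 (global) or an integer from 1 to 60")
    if not 1 <= p.port <= 65535:
        problems.append("port out of range")
    if p.vendor not in VENDORS:
        problems.append(f"vendor must be one of {VENDORS}")
    if not p.filter:
        problems.append("filter is required unless a default is set on the LDAP General tab")
    return problems


def render_commands(p: LdapProvider) -> list:
    """Render the command sequence; the password is typed at the prompt, never inline."""
    cmds = [
        "connect policy-mgr",
        "scope org",
        "scope device-profile",
        "scope security",
        "scope ldap",
        f"create server {p.server_name}",
    ]
    if p.attribute:
        cmds.append(f"set attribute {p.attribute}")
    cmds += [
        f"set basedn {p.basedn}",
        f"set binddn {p.binddn}",
        f"set filter {p.filter}",
        "set password",        # press Enter, then enter the password at the prompt
        f"set order {p.order}",
        f"set port {p.port}",
        f"set ssl {'yes' if p.ssl else 'no'}",
        f"set timeout {p.timeout}",
        f"set vendor {p.vendor}",
        "commit-buffer",
    ]
    return cmds


if __name__ == "__main__":
    # Constructed sample values, not from any real deployment.
    provider = LdapProvider(
        server_name="ldap.example.com",
        basedn="DC=example,DC=com",
        binddn="CN=ucs-bind,OU=Service,DC=example,DC=com",
        filter="sAMAccountName=$userid",
        password="Sup3rSecret",
        order=1,
        cert_cns=("ldap.example.com",),
    )
    for problem in validate(provider):
        print("PROBLEM:", problem)
    if dns_required(provider):
        print("NOTE: hostname used, a DNS server must be configured")
    print("\n".join(render_commands(provider)))
```

Running it with the sample above prints no problems, the DNS note (because an FQDN rather than an IP address is used), and the seventeen-step sequence ending in commit-buffer; a password containing = or a timeout of 61 is reported before anything reaches the device.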