Hostname/FQDN (or IP Address) field
|
The hostname, or IPv4 or IPv6 address on which the LDAP provider
resides. If SSL is enabled, this field must exactly match a Common Name (CN) in
the security certificate of the LDAP database.
Note
|
If you use a hostname rather than an IPv4 or IPv6 address, you must configure
a DNS server. If the Cisco UCS domain is not registered with Cisco UCS Central
or DNS management is set to local, configure a DNS server in Cisco UCS Manager.
If the Cisco UCS domain is registered with Cisco UCS Central and DNS management
is set to global, configure a DNS server in Cisco UCS Central.
|
|
Order field
|
The order in which Cisco UCS uses this provider to authenticate users.
Enter an integer between 1 and 16, or enter lowest-available or 0 (zero) if
you want Cisco UCS to assign the next available order based on the other
providers defined in this Cisco UCS domain.
|
Bind DN field
|
The distinguished name (DN) for an LDAP database account that
has read and search permissions for all objects under the base DN.
The maximum supported string length is 255 ASCII characters.
|
Base DN field
|
The specific distinguished name in the LDAP hierarchy where the server begins
a search when a remote user logs in and the system attempts to obtain the
user's DN based on their username. You can set the length of the base DN to a
maximum of 255 characters minus the length of CN=username, where username
identifies the remote user attempting to access Cisco UCS Manager using LDAP
authentication.
This value is required unless a default base DN has been set on the LDAP
General tab.
|
Port field
|
The port through which Cisco UCS communicates with the LDAP database. The
standard port number is 389.
|
Enable SSL check box
|
If checked, encryption is required for communications with the LDAP database.
If unchecked, authentication information will be sent as clear text.
LDAP uses STARTTLS. This allows encrypted communication using port 389.
If checked, do not change the port to 636; leave it as 389. Cisco UCS
negotiates a TLS session on port 636 for SSL, but the initial connection starts
unencrypted on 389.
|
Filter field
|
The LDAP search is restricted to those user names that match the defined
filter.
This value is required unless a default filter has been set on the LDAP
General tab.
|
Attribute field
|
An LDAP attribute that stores the values for the user roles and locales. This
property is always a name-value pair. The system queries the user record for
the value that matches this attribute name.
If you do not want to extend your LDAP schema, you can configure an existing,
unused LDAP attribute with the Cisco UCS roles and locales. Alternatively, you
can create an attribute named CiscoAVPair in the remote authentication service
with the following attribute ID: 1.3.6.1.4.1.9.287247.1
This value is required unless a default attribute has been set on the LDAP
General tab.
|
Password field
|
The password for the LDAP database account specified in the Bind DN field. You
can enter any standard ASCII characters except for space, § (section sign),
? (question mark), or = (equal sign).
|
Confirm Password field
|
The LDAP database password repeated for confirmation purposes.
|
Timeout field
|
The length of time in seconds the system spends trying to contact the LDAP
database before it times out.
Enter an integer from 1 to 60 seconds, or enter 0 (zero) to use the global
timeout value specified on the LDAP General tab. The default is 30 seconds.
|
Vendor radio button
|
The LDAP vendor that you want to use. This can be one of the following:
|
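The field constraints in the table above can be collected into a pre-flight check that is run before a provider is entered. This is an added example, not Cisco code; the dictionary keys, the `check_provider` name and the sample values are constructed for illustration.

```python
import ipaddress

FORBIDDEN_PW = set(" §?=")  # characters the Password field does not accept

def check_provider(p, username):
    """Lint one LDAP provider definition (a dict with hypothetical keys);
    return (level, field, note) tuples."""
    out = []
    try:
        ipaddress.ip_address(p["host"])          # IPv4 or IPv6 literal
    except ValueError:
        out.append(("check", "dns", "hostname used: a DNS server must be configured"))
    order = p.get("order", 0)
    if order != "lowest-available" and not (isinstance(order, int) and 0 <= order <= 16):
        out.append(("error", "order", "use 1-16, or 0 / lowest-available"))
    bind_dn = p.get("bind_dn", "")
    if len(bind_dn) > 255 or not bind_dn.isascii():
        out.append(("error", "bind_dn", "maximum is 255 ASCII characters"))
    # Base DN budget: 255 characters minus the length of CN=username.
    budget = 255 - len("CN=" + username)
    if len(p.get("base_dn", "")) > budget:
        out.append(("error", "base_dn", f"longer than {budget} characters for this user"))
    if p.get("ssl"):
        out.append(("check", "cert_cn", "host must exactly match a CN in the LDAP certificate"))
        if p.get("port", 389) != 389:
            out.append(("warn", "port", "SSL is checked: leave the port at 389"))
    else:
        out.append(("warn", "ssl", "unchecked: authentication information is sent as clear text"))
    pw = p.get("password", "")
    if not pw.isascii() or FORBIDDEN_PW & set(pw):
        out.append(("error", "password", "space, section sign, ? and = are not accepted"))
    timeout = p.get("timeout", 30)
    if not (isinstance(timeout, int) and 0 <= timeout <= 60):
        out.append(("error", "timeout", "use 1-60 seconds, or 0 for the global value"))
    return out

# Constructed sample definitions (not taken from any real UCS domain).
WEAK = {"host": "ldap.example.com", "order": 17, "port": 636, "ssl": True,
        "bind_dn": "CN=svc-ucs,OU=Service,DC=example,DC=com",
        "base_dn": "DC=example,DC=com", "password": "pass word=1", "timeout": 90}
GOOD = dict(WEAK, host="192.0.2.10", order=1, port=389, password="S3cure!pw", timeout=30)

if __name__ == "__main__":
    for name, cfg in (("WEAK", WEAK), ("GOOD", GOOD)):
        for level, field, note in check_provider(cfg, "jdoe"):
            print(f"{name}: {level:5} {field:8} {note}")
```

The `check` level marks requirements the script cannot verify offline, such as the certificate CN match and DNS configuration.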