User Guide

256 Chapter 6 Configuring authentication
320818-A
Managing LDAP authentication servers using the CLI

You can configure additional LDAP servers for the domain, for redundancy. You
can have a maximum of three LDAP authentication servers in the configuration.
You can control the order in which the LDAP servers respond to authentication
requests.

If there is more than one LDAP server configured for the Nortel SNAS 4050
domain, the first accessible LDAP server in the list returns a reply to the query.
This stops the query, regardless of whether or not the client's credentials were
matched. If you add more than one LDAP server to the domain, for redundancy,
ensure that each listed LDAP server contains the same SSL domain client
database.

If the Nortel SNAS 4050 clients are dispersed in different LDAP server databases,
you can configure the LDAP servers as separate authentication methods, with
different authentication IDs. If you include all LDAP authentication IDs in the
authentication order, each LDAP server will be used to authenticate client groups.

To enable LDAP authentication, ensure that the authentication ID that represents
the LDAP configuration is included in the authentication order you have specified
for the Nortel SNAS 4050 domain (see “Specifying authentication fallback order
using the CLI” on page 267).
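
The following Python model is an added example, not Nortel code or CLI output. It contrasts redundant servers under one authentication ID (the first reachable server answers and ends the query) with separate authentication IDs in the authentication order, and checks redundant servers for database drift. The server names, directory contents, and the assumption that an unmatched method falls through to the next authentication ID are constructed for illustration.

```python
# Model of the lookup behaviour described in this section. All names and the
# sample directories are constructed; a dict stands in for an LDAP database.

def query_redundant(servers, user, password):
    """One auth ID, several servers: the first reachable server answers and
    the query stops there, whether or not the credentials matched."""
    for name, reachable, db in servers:
        if reachable:
            return name, (user in db and db[user] == password)
    return None, False  # no server reachable


def query_auth_order(methods, user, password):
    """Several auth IDs in the authentication order. Assumption: a method that
    does not authenticate the client falls through to the next auth ID."""
    for auth_id, servers in methods:
        name, ok = query_redundant(servers, user, password)
        if ok:
            return auth_id, name
    return None, None


def replica_drift(servers):
    """Users missing from each server relative to the union of all servers.
    An empty result means the redundant servers hold the same client set."""
    everyone = set()
    for _, _, db in servers:
        everyone |= set(db)
    missing = {name: sorted(everyone - set(db)) for name, _, db in servers}
    return {name: users for name, users in missing.items() if users}


# Constructed sample data: bob exists only on the second server.
LDAP_A = {"alice": "pw-a"}
LDAP_B = {"alice": "pw-a", "bob": "pw-b"}
REDUNDANT = [("ldap-a", True, LDAP_A), ("ldap-b", True, LDAP_B)]
SEPARATE = [(1, [("ldap-a", True, LDAP_A)]), (2, [("ldap-b", True, LDAP_B)])]

if __name__ == "__main__":
    print(query_redundant(REDUNDANT, "bob", "pw-b"))   # ldap-a answers first
    print(query_auth_order(SEPARATE, "bob", "pw-b"))   # second auth ID matches
    print(replica_drift(REDUNDANT))                    # users ldap-a is missing
```

With inconsistent redundant servers, whether bob can log in depends on which server happens to be reachable, which is why the drift check should come back empty before servers are listed under one authentication ID.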

To manage the LDAP servers used for client authentication in the domain, use the
following command:

    /cfg/domain 1/aaa/auth #/ldap/servers

The LDAP servers menu displays.

The LDAP servers menu includes the following options:

/cfg/domain 1/aaa/auth #/ldap/servers
followed by:

    list    Lists the IP address and port of currently configured
            LDAP servers, by index number.