R21xx-HP FlexFabric 11900 Security Configuration Guide
38
Ste
p
Command
Remarks
7. (Optional.) Specify the user
object class.
user-parameters user-object-class
object-class-name
By default, no user object is
specified, and the default user
object class on the LDAP server is
used.
Creating an LDAP scheme
You can configure up to 16 LDAP schemes. An LDAP scheme can be referenced by multiple ISP domains.
To create an LDAP scheme:
Step Command Remarks
1. Enter system view.
system-view N/A
2. Create an LDAP scheme
and enter its view.
ldap scheme ldap-scheme-name
By default, no LDAP scheme is defined.
Specifying the LDAP authentication server
Step Command Remarks
1. Enter system view.
system-view N/A
2. Enter LDAP scheme view.
ldap scheme ldap-scheme-name N/A
3. Specify the LDAP
authentication server.
authentication-server server-name
By default, no LDAP authentication
server is specified.
Displaying and maintaining LDAP
Execute the display command in any view.
Task Command
Display the configuration of LDAP schemes. display ldap scheme [ scheme-name ]
Configuring AAA methods for ISP domains
You configure AAA methods for an ISP domain by referencing configured AAA schemes in ISP domain
view. Each ISP domain has a set of system predefined AAA methods, which are local authentication,
local authorization, and local accounting. If you do not configure any AAA methods for an ISP domain,
the device uses the system predefined AAA methods for users in the domain.
Configuration prerequisites
To use local authentication for users in an ISP domain, configure local user accounts on the device first.
See "Configuring local user attributes."
To use remote authentication, authorization, and accounting, create the required RADIUS, HWTACACS,
and LDAP schemes as described in "Configuring RADIUS schemes," "Configuring HWTACACS
sc
hemes," and "Configuring LDAP schemes."