Brocade Network Advisor IP User Manual v12.3.0 User Manual
Page 543
Brocade Network Advisor IP User Manual
491
53-1003153-01
AAA Settings tab
13
If you configure the external LDAP server as the primary authentication server, make the following
preparations first:
•
Make sure that the external LDAP server and its user accounts have been properly configured
(refer to
on page 502). For example, you must define roles and
areas of responsibility (AOR) in the external server to match the Management application roles
and AOR.
•
Make sure to configure the custom attributes “NmRoles” and “NmAors” on the LDAP server
(refer to
“Configuring roles and AORs on the external LDAP server”
on page 503). NmRoles
defines the Management application user roles (such as Host Administrator, IP System
Administrator, Network Administrator, Operator, Report User Group, Security Administrator,
Security Officer, and Zone Administrator). NmAors defines the areas of responsibility (such as
All IP Products or All Hosts).
If you are using an LDAP server for authentication, make the following preparations first:
•
Make sure that the LDAP server you want to use is on the network that the Management
application manages.
•
Have the IP address of the server available.
•
Know the TCP port you are using. The LDAP server uses Transport Layer Security (TLS). LDAP
over TLS generally uses port 389. If security is enabled the port number is 636. Check with the
LDAP server administrator if you are not sure which port to specify.
•
Know how long you want to wait between attempts (default is 3 seconds) to reach the server if
it is busy. This is expressed as a timeout value in seconds. Values are between 1 and 15.
•
Determine how many attempts (default is 3 times) to make to reach the server before stopping
and assuming it is unreachable. Values are between 1 and 5.
NOTE
If the LDAP server’s IP address is entered in the Management application, the LDAP server’s
hostname (if any) must still be known to the Management application host OS. The
Management application server must be using a DNS server that knows the LDAP server’s
hostname, or you must manually add the LDAP server’s hostname to the local hosts file (for
Linux the file is located in /etc/hosts and for Windows the file is located in
C:\Windows\System32\drivers\etc\hosts for Windows).
To configure an LDAP server for authentication, complete the following steps.
1. Select the AAA Settings tab.
2. Select LDAP Server from the Primary Authentication list.
3. Add or edit an LDAP server by referring to
The LDAP Servers and Sequence table displays the following information:
•
Network Address — The network address of the LDAP server.
•
Authentication Type — The authentication type (such as CHAP).
•
Security — Whether or not security is enabled.
•
TCP Port — The TCP port number of the LDAP server.
•
TimeOut (Sec) — The timeout value in seconds specified when sending an authentication
request to the server. Default is 3.
•
Attempts — The number of attempts made to reach a server before determining it is
unreachable. Default is 3.