Configuring advanced ldap settings – Nortel Networks 5500 series User Manual
Page 199
Configuring authentication
199
Table 41
Managing Active Directory passwords
/cfg/doamin #/aaa/auth #/ldap/activedire
followed by:
enaexpired true|false
Specifies whether the system will perform a
password-expired check.
•
true
—the system performs a
password-expired check against Active
Directory when the client logs on.
•
false
—the system does not perform a
password-expired check against Active
Directory when the client logs on.
expiredgro <group>
Specifies the group in which clients with
expired passwords will be placed.
expasgrou
Sets the group in which users with expired
passwords should be placed.
Before using this command, define the use
group in the Local database. Configure a link
to a site where the user can change his/her
password. Configure an access rule restricting
access to the specified site.
recursivem true|false
Specifies the setting for recursive group
membership.
•
true
—if the client belongs to an Active
Directory group which, in turn, belongs to
another group, all groups are returned.
•
false
—if the client belongs to an Active
Directory group which, in turn, belongs
to another group, only the first group is
returned.
Configuring Advanced LDAP Settings
The Advanced LDAP settings configure the desired attribute/value when
searching for a user record in an LDAP/Active Directory database. The
feature is disabled by default, which means that no extra requirement is
added when searching for a user record.
To configure the advanced settings, use the following commands
Nortel Secure Network Access Switch
Using the Command Line Interface
NN47230-100
03.01
Standard
28 July 2008
Copyright © 2007, 2008 Nortel Networks
.