Mapping an active directory group to a switch role – Brocade Network OS NETCONF Operations Guide v4.1.1 User Manual
Network OS NETCONF Operations Guide, 53-1003231-02, page 220
Chapter 16: LDAP
Mapping an Active Directory group to a switch role
A maximum of 16 AD groups can be mapped to the switch roles.
To map an Active Directory (AD) group to a switch role, perform the following steps.
1. Issue the <edit-config> RPC to configure the <ldap-server> node in the urn:brocade.com:mgmt:brocade-aaa namespace.
2. Under the <ldap-server> node, include the <maprole>/<group> hierarchy of node elements.
3. Under the <group> node, include the following leaf elements.
   a. In the <ad-group> element, use a character string to specify the AD group you want to map to a switch role.
   b. In the <switch-role> element, specify the switch role to which you want to apply the AD group.
In the following example, a Brocade user with the admin role inherits all privileges associated with the Active Directory Administrator group.
<?xml version="1.0" encoding="UTF-8"?>
<rpc message-id="931" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <edit-config>
    <target>
      <running/>
    </target>
    <config>
      <ldap-server xmlns="urn:brocade.com:mgmt:brocade-aaa">
        <maprole>
          <group>
            <ad-group>Administrator</ad-group>
            <switch-role>admin</switch-role>
          </group>
        </maprole>
      </ldap-server>
    </config>
  </edit-config>
</rpc>

<rpc-reply message-id="931" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
  <ok/>
</rpc-reply>
Removing the mapping of an Active Directory group to a switch role
To remove an AD group mapping from a switch role, perform the following steps.
1. Issue the <edit-config> RPC to configure the <ldap-server> node in the urn:brocade.com:mgmt:brocade-aaa namespace.
2. Under the <ldap-server> node, include the <maprole>/<group> hierarchy of node elements.
3. Under the <group> node, include the following leaf elements.
4. In the <ad-group> element, specify the AD group you want to unmap and include the delete operation in the element tag.
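Both procedures above (mapping and unmapping), as an added Python example that is not part of the Brocade guide: it builds the <edit-config> payloads with the element names and namespaces shown in this section, refuses more than the stated 16 mappings, puts the delete operation on the <ad-group> element as the removal steps describe, and checks the <rpc-reply>. Only the standard library is used; the error reply is a constructed sample and the function names are my own.

```python
import xml.etree.ElementTree as ET

NC_NS = "urn:ietf:params:xml:ns:netconf:base:1.0"
AAA_NS = "urn:brocade.com:mgmt:brocade-aaa"
MAX_AD_GROUP_MAPPINGS = 16  # limit stated in this section

# ElementTree declares all namespaces on the root, so NETCONF elements serialize as nc:rpc,
# nc:edit-config, ... with brocade-aaa as the default namespace (same XML as the guide).
ET.register_namespace("nc", NC_NS)
ET.register_namespace("", AAA_NS)
def nc(tag): return "{%s}%s" % (NC_NS, tag)
def aaa(tag): return "{%s}%s" % (AAA_NS, tag)

def build_maprole_rpc(message_id, mappings, delete=False):
    """<edit-config> mapping each (ad_group, switch_role) via <ldap-server>/<maprole>/<group>;
    with delete=True the entries are unmapped by nc:operation="delete" on <ad-group>."""
    if len(mappings) > MAX_AD_GROUP_MAPPINGS:
        raise ValueError("at most %d AD groups can be mapped" % MAX_AD_GROUP_MAPPINGS)
    rpc = ET.Element(nc("rpc"), {"message-id": str(message_id)})
    edit = ET.SubElement(rpc, nc("edit-config"))
    ET.SubElement(ET.SubElement(edit, nc("target")), nc("running"))
    ldap = ET.SubElement(ET.SubElement(edit, nc("config")), aaa("ldap-server"))
    maprole = ET.SubElement(ldap, aaa("maprole"))
    for ad_group, switch_role in mappings:
        group = ET.SubElement(maprole, aaa("group"))
        ad = ET.SubElement(group, aaa("ad-group"))
        ad.text = ad_group
        if delete:  # the delete operation goes in the <ad-group> element tag
            ad.set(nc("operation"), "delete")
        else:
            ET.SubElement(group, aaa("switch-role")).text = switch_role
    return '<?xml version="1.0" encoding="UTF-8"?>\n' + ET.tostring(rpc, encoding="unicode")

def mappings_in(rpc_xml):
    """Parse an RPC back into (ad_group, switch_role, operation) tuples for review."""
    root = ET.fromstring(rpc_xml)
    return [(g.findtext(aaa("ad-group")), g.findtext(aaa("switch-role")),
             g.find(aaa("ad-group")).get(nc("operation"))) for g in root.iter(aaa("group"))]

def check_rpc_reply(reply_xml, expected_id):
    """(True, "") for an <ok/> reply to expected_id, else (False, RFC 6241 <error-message>)."""
    root = ET.fromstring(reply_xml)
    if root.tag != nc("rpc-reply") or root.get("message-id") != str(expected_id):
        return False, "reply does not belong to request %s" % expected_id
    if root.find(nc("ok")) is not None:
        return True, ""
    return False, root.findtext(nc("rpc-error") + "/" + nc("error-message"), "unspecified").strip()
# The reply shown in the guide, and a constructed error reply to exercise the failure path.
OK_REPLY = '<rpc-reply message-id="931" xmlns="%s"><ok/></rpc-reply>' % NC_NS
ERROR_REPLY = ('<rpc-reply message-id="932" xmlns="%s"><rpc-error><error-tag>operation-failed</error-tag>'
               '<error-message>constructed: mapping rejected</error-message></rpc-error></rpc-reply>' % NC_NS)
```

Review the generated payload with mappings_in before sending it, and treat anything other than (True, "") from check_rpc_reply as a failed change that must not be assumed applied.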