• Microsoft Active Directory
• LDAP over Secure Sockets Layer (SSL) supports only SSL version 3 and Transport Layer Security (TLS)
version 1.
• If you have a user account configured on the local Cisco NX-OS device that has the same name as a
remote user account on a AAA server, the Cisco NX-OS software applies the user roles for the local user
account to the remote user, not the user roles configured on the AAA server.
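The local-account precedence described in the last bullet can be audited offline. The following is an added example, not code from the Cisco guide: it reads `username ... role` lines from a saved running-config and reports every remote user that a same-named local account shadows. The sample config, the remote role export, and all function names are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed running-config excerpt (not from a real device).
SAMPLE_CONFIG = """\
feature ldap
username admin password 5 $5$constructed$hash role network-admin
username jsmith password 5 $5$constructed$hash role network-admin
username jsmith role dev-ops
username backup password 5 $5$constructed$hash role network-operator
ldap-server host 192.0.2.10
"""
# Constructed export of the roles the AAA server would assign (assumed format).
SAMPLE_REMOTE_ROLES = {
    "jsmith": {"network-operator"},
    "backup": {"network-operator"},
    "mlee": {"network-admin"},
}
USERNAME_RE = re.compile(r"^username\s+(\S+)\s+(?:.*\s)?role\s+(\S+)\s*$")


def local_roles(config_text):
    """Map each local username to the roles on its `username ... role` lines."""
    roles = defaultdict(set)
    for line in config_text.splitlines():
        m = USERNAME_RE.match(line.strip())
        if m:
            roles[m.group(1)].add(m.group(2))
    return dict(roles)


def shadowed_accounts(config_text, remote_roles):
    """List remote users whose name also exists locally, with both role sets."""
    local = local_roles(config_text)
    findings = []
    for user in sorted(local.keys() & remote_roles.keys()):
        effective, intended = local[user], set(remote_roles[user])
        findings.append({
            "user": user,
            "effective_roles": sorted(effective),  # local roles are what apply
            "server_roles": sorted(intended),
            "extra_roles": sorted(effective - intended),
            "role_mismatch": effective != intended,
        })
    return findings


if __name__ == "__main__":
    for finding in shadowed_accounts(SAMPLE_CONFIG, SAMPLE_REMOTE_ROLES):
        print(finding)
```

A non-empty `extra_roles` list marks an account where the device grants more than the AAA server intends.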
Default Settings for LDAP
This table lists the default settings for LDAP parameters.
Parameters                              Default
LDAP                                    Disabled
LDAP authentication method              First search and then bind
LDAP authentication mechanism           Plain
Dead-time interval                      0 minutes
Timeout interval                        5 seconds
Idle timer interval                     60 minutes
Periodic server monitoring username     test
Periodic server monitoring password     Cisco
Configuring LDAP
This section describes how to configure LDAP on a Cisco NX-OS device.
LDAP Server Configuration Process
You can configure LDAP servers by following this configuration process.
1. Enable LDAP.
2. Establish the LDAP server connections to the Cisco NX-OS device.
3. If needed, configure LDAP server groups with subsets of the LDAP servers for AAA authentication methods.
4. (Optional) Configure the TCP port.
5. (Optional) Configure the default AAA authorization method for the LDAP server.
6. (Optional) Configure an LDAP search map.
7. (Optional) If needed, configure periodic LDAP server monitoring.
Cisco Nexus 9000 Series NX-OS Security Configuration Guide, Release 9.x