41
Step Command
Remarks
7.
(Optional.) Specify the user
object class.
user-parameters user-object-class
object-class-name
By default, no user object is
specified, and the default user
object class on the LDAP server is
used.
The default user object class for this
command varies by device model.
Creating an LDAP scheme
You can configure a maximum of 16 LDAP schemes. An LDAP scheme can be used by multiple ISP
domains.
To create an LDAP scheme:
Step Command
Remarks
1.
Enter system view.
system-view
N/A
2.
Create an LDAP scheme
and enter LDAP scheme
view.
ldap scheme
ldap-scheme-name
By default, no LDAP scheme is defined.
Specifying the LDAP authentication server
Step Command
Remarks
1.
Enter system view.
system-view
N/A
2.
Enter LDAP scheme view.
ldap scheme
ldap-scheme-name
N/A
3.
Specify the LDAP
authentication server.
authentication-server
server-name
By default, no LDAP authentication
server is specified.
Displaying and maintaining LDAP
Execute the
display
command in any view.
Task Command
Display the configuration of LDAP schemes.
display ldap scheme
[
scheme-name
]
Configuring AAA methods for ISP domains
You configure AAA methods for an ISP domain by specifying configured AAA schemes in ISP domain
view. Each ISP domain has a set of system-defined AAA methods, which are local authentication, local
authorization, and local accounting. If you do not configure any AAA methods for an ISP domain, the
device uses the system-defined AAA methods for users in the domain.