Configuring LDAP Search Maps
You can configure LDAP search maps to send a search query to the LDAP server. The server searches its
database for data meeting the criteria specified in the search map.
Before you begin
Enable LDAP.
SUMMARY STEPS
1. configure terminal
2. ldap search-map map-name
3. (Optional) [userprofile | trustedCert | CRLLookup | user-certdn-match | user-pubkey-match | user-switch-bind] attribute-name attribute-name search-filter filter base-DN base-DN-name
4. (Optional) exit
5. (Optional) show ldap-search-map
6. (Optional) copy running-config startup-config
DETAILED STEPS

Step 1
Command or Action: configure terminal
Purpose: Enters global configuration mode.
Example:
switch# configure terminal
switch(config)#

Step 2
Command or Action: ldap search-map map-name
Purpose: Configures an LDAP search map.
Example:
switch(config)# ldap search-map map1
switch(config-ldap-search-map)#

Step 3
Command or Action: (Optional) [userprofile | trustedCert | CRLLookup | user-certdn-match | user-pubkey-match | user-switch-bind] attribute-name attribute-name search-filter filter base-DN base-DN-name
Purpose: Configures the attribute name, search filter, and base-DN for the user profile, trusted certificate, CRL, certificate DN match, public key match, or user-switchgroup lookup search operation. These values are used to send a search query to the LDAP server. The attribute-name argument is the name of the attribute in the LDAP server that contains the Nexus role definition.
Example:
switch(config-ldap-search-map)# userprofile attribute-name att-name search-filter (&(objectClass=inetOrgPerson)(cn=$userid)) base-DN dc=acme,dc=com

Step 4
Command or Action: (Optional) exit
Purpose: Exits LDAP search map configuration mode.
Example:
switch(config-ldap-search-map)# exit
switch(config)#

Step 5
Command or Action: (Optional) show ldap-search-map
Purpose: Displays the configured LDAP search maps.
Example:
Cisco Nexus 9000 Series NX-OS Security Configuration Guide, Release 9.x
Configuring LDAP
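
Added example (not from the Cisco guide): a Python helper for checking, from a management host, the three values Step 3 puts into a search map before they are committed on the switch. It expands the $userid placeholder with RFC 4515 escaping, checks that the filter parentheses balance, and builds the equivalent OpenLDAP ldapsearch command. The LDAP URI, bind DN and test user are constructed, and treating $userid as the login-name placeholder is an assumption based on the Step 3 example.

```python
import shlex

# RFC 4515: characters that must be escaped inside a filter assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape a login name so it cannot alter the structure of the filter."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def expand_filter(search_filter, userid):
    """Substitute $userid (assumed placeholder) and check parenthesis balance."""
    if "$userid" not in search_filter:
        raise ValueError("search filter has no $userid placeholder")
    expanded = search_filter.replace("$userid", escape_filter_value(userid))
    depth = 0
    for ch in expanded:
        depth += (ch == "(") - (ch == ")")
        if depth < 0:
            raise ValueError("unbalanced ')' in search filter")
    if depth != 0 or not expanded.startswith("("):
        raise ValueError("search filter is not a balanced (...) expression")
    return expanded


def ldapsearch_command(uri, bind_dn, base_dn, search_filter, attribute_name, userid):
    """Build an OpenLDAP ldapsearch command that mirrors the search map query."""
    args = ["ldapsearch", "-x", "-H", uri, "-D", bind_dn, "-W", "-b", base_dn,
            expand_filter(search_filter, userid), attribute_name]
    return " ".join(shlex.quote(a) for a in args)


if __name__ == "__main__":
    # Search map values from the Step 3 example; URI, bind DN and user are constructed.
    print(ldapsearch_command(
        uri="ldaps://ldap.example.com",
        bind_dn="cn=reader,dc=acme,dc=com",
        base_dn="dc=acme,dc=com",
        search_filter="(&(objectClass=inetOrgPerson)(cn=$userid))",
        attribute_name="att-name",
        userid="jdoe",
    ))
```

Run the printed command against the directory: the entry returned for the test user should carry the att-name attribute that holds the role definition.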