Enabling LDAP-based User Login Authentication
The LDAP service can be used for authenticating and authorizing device management users (Web and CLI) based on the user's login username and password (credentials). At the same time, it can also be used to determine users' management access levels (privileges). Before you can configure LDAP-based login authentication, you must enable this type of LDAP service.
The LDAP-based and RADIUS-based (see RADIUS-based User Login Authentication) login methods can't be used together; configure only one of them as the login method.
If you enable LDAP-based user login authentication, when users with Security Administrator privilege level log in to the device’s CLI, they are automatically given access to the CLI privileged mode (“#”). For all other user privilege levels, the user needs to run the enable command and then enter the password to access the CLI privileged mode.
➢ To enable LDAP-based login authentication:
1. Open the Authentication Server page (Setup menu > Administration tab > Web & CLI folder > Authentication Server).
2. Under the LDAP group, from the 'Use LDAP for Web/Telnet Login' drop-down list, select Enable.
3. Click Apply, and then restart the device with a save-to-flash for your settings to take effect.