How to configure LDAP on 3750x

kceleslie — Fri, 21 Feb 2020 13:11:11 GMT

I've done some reading and it looks like it is possible to configure a cisco switch to use LDAP authentication but I'm struggling on what to do next. I rather not use RADIUS or tacacs+ as they both require additional configuration on the LDAP server. Am I correct that IOS can just use LDAP?

I've been using this guide, but can only seem to get halfway there.

http://www.cisco.com/c/en/us/td/docs/ios/sec_user_services/configuration/guide/convert/aaa_ldap/sec_cfg_ldap.html

I'm using Version 15.0(2)SE6 on a 3750X ip based switch and my LDAP server is a Windows 2008 R2 box. Here is what i have so far:

aaa new-model
!
!
aaa group server ldap DOMAIN
server mydomain.com

ldap attribute-map NetworkAdmins
!
ldap server mydomain.com
ipv4 10.0.1.10
transport port 636
bind authenticate root-dn "cn=ldap_svc,ou=service accounts,out=users,ou=mydomain.com,dc=mydomain,dc=com" password 7 PASSWORD
base-dn ou=users,ou=mydomain.com,dc=mydomain,dc=com
mode secure
authentication bind-first
authentication compare

If I’m understanding this correctly I have to configure an ldap server, then tell aaa to use that ldap server. I think I need to configure an ldap attribute-map but cant figure out the syntax. How do I tell it to use a specific group and how to I configure ssh or the console to use ldap?

Thanks in advance

Per Cisco: "AAA does not

kceleslie — Wed, 21 May 2014 20:25:26 GMT

Per Cisco:

"AAA does not support using an LDAP method for interactive login authentication."

topic Per Cisco: "AAA does not in Network Security

How to configure LDAP on 3750x

Per Cisco: "AAA does not