Cisco 9x00 series: User authentication on LDAP/S server

MadyS · ‎02-08-2021

Hello,

I have 9200 IOS XE 16.x.x and 17.x.x catalysts on which I would like to set up CLI user authentication by LDAP / LDAPS server.

My question is whether this is possible with only an LDAP server without any AAA server (TACACS +, Radius)?

I have seen some documents but I am confused because according to some it seems that this is possible with the new IOS versions.

Can you please answer this question, the answer has a strong impact on my architecture.

Thank you for your efforts .

Best regards

balaji.bandi · ‎02-08-2021

Most use case use Radius/ TACACS (back ground with LADP as authentication) - as per our expereince in the real deployment.

You are right some documents says yes/no, but again no one have clear post or test results, if this is your requirement, you can test as PoC before offering any solution or learn what is missing.

when i did some digging past this what i have URL (not sure if this help you )

https://www.cisco.com/en/US/docs/ios-xml/ios/san/configuration/xe-3se/3850/san-local-ldap.html#concept_4103DAF7513D48D787217FADF051EB84

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

pieterh · ‎02-09-2021

this configuration guide says it is possible, but a catch...... using IPv6
How to Configure IPv6 Support for LDAP

Hmmmm..... link is for 9600, (9x00 series...) but same guide for 9200 does not show LDAP

network_security · ‎02-25-2024

@MadyS

Im facing the same issue ATM, did you manage to find any solution?

were you successful doing the authentication only LDAP server without any other AAA server?