Fibre Channel (SAN)

Reply
New Member
Posts: 1
Registered: ‎07-16-2008

LDAP Configuration without a Schema Change

I am trying to configure LDAP on our FOS 6.4.2a switches, some of which are configured with Virtual Fabrics.

The issue I have is that the AD Administrators have no desire to make Schema changes, and in the Admin Guide that is listed as a step.

LDAP configuration and Microsoft Active Directory

(Fabric OS Administrator's Guide, v6.4 Page 111)

   Adding attributes to the Active Directory Schema

    To create a group in Active Directory, refer to www.microsoft.com or Microsoft documentation. You will need to verify that the schema has the following attributes:

        • Add a new attribute brcdAdVfData as Unicode String.

        • Add brcdAdVfData to the person’s properties.

The Commands I know I need to run are:

       

ldapcfg --maprole BrocadeAdmin Admin

ldapcfg --maprole BrocadeUser User

ldapcfg --maprole BrocadeOperator Operator

ldapcfg --maprole BrocadeSwitchAdmin SwitchAdmin

aaaconfig --add 10.30.50.70 -conf ldap -p 389 -d our.ad

aaaconfig --add 10.30.55.70 -conf ldap -p 389 -d our.ad

aaaconfig --show

aaaconfig --authspec “ldap;local” -backup

aaaconfig --show

I have seen some blogs online where people talk about setting up AD/LDAP without mentioning a schema change.

Could someone please let me know if it is possible to configure AD/LDAP without needing Schema changes?

Also if that is possible when the roles are mapped is it on all the Virtual Switches or just the FID you run it on?

I ask because there is another team that doesn't need access to half the Virtual Switches

Thanks in advance.

Contributor
Posts: 57
Registered: ‎08-12-2009

Re: LDAP Configuration without a Schema Change


Martin,

There is currently no method available to implement AD/LDAP without schema change. Brocade engineering is aware of this and a method will be made available in the near future.

Join the Community

Get quick and easy access to valuable resource designed to help you manage your Brocade Network.