MAVIS LDAP. Main Settings

Configuration of the main LDAP settings.

Main Settings Overview

LDAP

Table Fields Overview

  • Enable LDAP authentication globally.
  • If you don't know what to choose, leave it at the default (first value). The default is Microsoft, but you can select OpenLDAP if that is the type of LDAP you will use.
  • Comma-separated list of IP addresses or hostnames (don't try to set the port here), e.g. 10.2.1.2, 10.2.3.2. LDAP URLs or hostnames are also accepted if you have preconfigured DNS servers.
  • Default LDAP port is 389; the global catalog port is 3268.
  • User to use for the LDAP bind if the server doesn't permit anonymous searches, e.g. tacacs@example.com. This is the AD user that will be used to send requests to AD. For OpenLDAP you have to set the full path (DN).
  • Password for the LDAP user (the AD user that will be used to send requests to AD).
  • Base DN of your LDAP server, e.g. dc=domain,dc=name.
  • LDAP search attribute used as the search filter for the AD user, e.g. sAMAccountName (recommended) or cn.
  • The easiest way to test the LDAP connection: if you see LDAP Test: Success, LDAP is configured correctly.

Configure Tacacs user group

Add a Tacacs user group. The group must have the same name as one of the AD groups (CN) the user belongs to, or the AD group must be added inside the Tacacs user group. How to add Tacacs User Group?

Test Connection and Authentication

LDAP

There are four types of response:

  • RESULT ERR
    LDAP connection error
  • RESULT NFD
    LDAP user not found
  • RESULT NAK
    LDAP user found, but the password is incorrect OR the user is not a member of any Tacacs group
  • RESULT ACK
    LDAP user found and password accepted; the output also shows the Tacacs groups used (TACMEMBER)

As you can see, the test authentication process returns the success message RESULT ACK. The output also shows that the user is a member of the ldap_main group for the TACACS daemon: TACMEMBER "ldap_main".

If you see RESULT ACK, it is a good time to check your configuration on real devices.
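As an added example (not part of the tacacsGUI documentation or code), the following Python validates the comma-separated server field the way the table above describes it and interprets the four RESULT codes of the test output, assuming that output consists of KEY value lines such as RESULT ACK and TACMEMBER "ldap_main"; the sample output and the Tacacs group name are constructed.

```python
import re
from typing import List, NamedTuple, Set

# Meaning of each RESULT code, as listed on the page.
RESULT_MEANING = {
    "ERR": "LDAP connection error",
    "NFD": "LDAP user not found",
    "NAK": "user found, but password incorrect or not a member of any Tacacs group",
    "ACK": "user found and authenticated",
}

_PORT_SUFFIX = re.compile(r":\d+$")

def parse_server_list(field: str) -> List[str]:
    """Split the comma-separated server field; a ':port' suffix is rejected
    because the GUI keeps the port in its own field (IPv6 literals not handled)."""
    servers = [s.strip() for s in field.split(",") if s.strip()]
    if not servers:
        raise ValueError("at least one LDAP server is required")
    for s in servers:
        host = s.split("://", 1)[-1]  # tolerate an ldap:// or ldaps:// prefix
        if _PORT_SUFFIX.search(host):
            raise ValueError(f"{s!r}: put the port in the port field, not here")
    return servers

class Verdict(NamedTuple):
    result: str
    meaning: str
    groups: List[str]   # TACMEMBER groups that match a configured Tacacs group
    usable: bool        # True only for ACK with at least one matching group

def interpret_test_output(output: str, configured_groups: Set[str]) -> Verdict:
    """Read 'KEY value' lines such as RESULT ACK and TACMEMBER "ldap_main".
    Assumption: a TACMEMBER value may list several quoted names separated by commas."""
    result, groups = None, []
    for line in output.splitlines():
        key, _, value = line.strip().partition(" ")
        if key == "RESULT":
            result = value.strip()
        elif key == "TACMEMBER":
            groups += [g.strip().strip('"') for g in value.split(",") if g.strip()]
    if result not in RESULT_MEANING:
        raise ValueError(f"missing or unknown RESULT line: {result!r}")
    matched = [g for g in groups if g in configured_groups]
    return Verdict(result, RESULT_MEANING[result], matched, result == "ACK" and bool(matched))

# Constructed sample of a successful test, modelled on the page's RESULT ACK / TACMEMBER output.
SAMPLE_ACK = 'RESULT ACK\nTACMEMBER "ldap_main"\n'
```

A NAK with no TACMEMBER line cannot tell a wrong password from a missing group, so compare the AD group CN against the Tacacs user group name before re-testing.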


Don't forget to apply the configuration!

Changes take effect only after you apply the configuration!

Author: Alexey Mochalin; Created at: 2018-11-23 14:20:26; Updated at: 2019-02-28 17:36:50