Chapter 28 AAA Server

28.2.1 aaa group server ad Commands

The following table lists the aaa group server ad commands you use to configure a group of AD servers.

Table 110 aaa group server ad Commands

| COMMAND | DESCRIPTION |
|---|---|
| clear aaa group server ad [group-name] | Deletes all AD server groups or the specified AD server group. Note: You can NOT delete a server group that is currently in use. |
| show aaa group server ad group-name | Displays the specified AD server group settings. |
| [no] aaa group server ad group-name | Sets a descriptive name for an AD server group. Use this command to enter the sub-command mode. The no command deletes the specified server group. |
| aaa group server ad rename group-name group-name | Changes the descriptive name for an AD server group. |
| aaa group server ad group-name | Enter the sub-command mode to configure an AD server group. |
| [no] server alternative-cn-identifier uid | Sets the second type of identifier that the users can use to log in if any. For example “name” or “e-mail address”. The no command clears this setting. |
| [no] server basedn basedn | Sets a base distinguished name (DN) to point to the AD directory on the AD server group. The no command clears this setting. |
| [no] server binddn binddn | Sets the user name the NXC uses to log into the AD server group. The no command clears this setting. |
| [no] server cn-identifier uid | Sets the unique common name (cn) to identify a record. The no command clears this setting. |
| [no] server description description | Sets the descriptive information for the AD server group. You can use up to 60 printable ASCII characters. The no command clears the setting. |
| [no] server group-attribute group-attribute | Sets the name of the attribute that the NXC is to check to determine to which group a user belongs. The value for this attribute is called a group identifier; it determines to which group a user belongs. You can add ext-group-user user objects to identify groups based on these group identifier values. For example you could have an attribute named “memberOf” with values like “sales”, “RD”, and “management”. Then you could also create an ext-group-user user object for each group. One with “sales” as the group identifier, another for “RD” and a third for “management”. The no command clears the setting. |
| [no] server host ad_server | Enter the IP address (in dotted decimal notation) or the domain name of an AD server to add to this group. The no command clears this setting. |
| [no] server password password | Sets the bind password (up to 15 alphanumerical characters). The no command clears this setting. |
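The following Python script is an added example, not part of the NXC guide or Zyxel's own tooling. It checks a planned AD server group against the limits stated in the table (host format, bind password length and character set, description length) and only then renders the command sequence. The function names, the dictionary layout and all sample values are assumptions made for illustration, and it assumes the CLI accepts the values unquoted as written.

```python
import ipaddress
import re

MAX_DESCRIPTION = 60  # printable ASCII characters, per the table
MAX_PASSWORD = 15     # alphanumerical characters, per the table
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
_DOMAIN = re.compile(rf"(?=.{{1,253}}$){_LABEL}(?:\.{_LABEL})*")

def valid_host(host):
    """True for a dotted-decimal IPv4 address or a well-formed domain name."""
    if re.fullmatch(r"[0-9.]+", host):
        try:
            ipaddress.IPv4Address(host)
            return True
        except ValueError:
            return False
    return _DOMAIN.fullmatch(host) is not None

def check_ad_group(cfg):
    """Return a list of problems; empty means cfg fits the documented limits."""
    problems = []
    if not valid_host(cfg["host"]):
        problems.append("host: not a dotted-decimal IP address or domain name")
    pw = cfg["password"]
    if not (pw.isascii() and pw.isalnum() and len(pw) <= MAX_PASSWORD):
        problems.append("password: up to 15 alphanumerical characters")
    desc = cfg.get("description", "")
    if len(desc) > MAX_DESCRIPTION or any(not 32 <= ord(c) <= 126 for c in desc):
        problems.append("description: up to 60 printable ASCII characters")
    return problems

def render_commands(cfg):
    """Build the CLI lines for one AD server group; refuse out-of-range values."""
    problems = check_ad_group(cfg)
    if problems:
        raise ValueError("; ".join(problems))
    lines = [f"aaa group server ad {cfg['name']}"]  # enters sub-command mode
    for key in ("host", "basedn", "binddn", "password", "description",
                "group-attribute"):
        if cfg.get(key):
            lines.append(f"server {key} {cfg[key]}")
    return lines

# Constructed sample values, not taken from the guide.
SAMPLE = {"name": "HQ-AD", "host": "10.0.0.10", "basedn": "dc=example,dc=com",
          "binddn": "cn=nxc-bind,cn=Users,dc=example,dc=com",
          "password": "Xk29fQm7Lp3Ra5t", "description": "HQ-domain-controllers",
          "group-attribute": "memberOf"}
```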


NXC CLI Reference Guide