Cisco MDS 9000 Series Configuration Manual page 69

Configuring Security Features on an External AAA Server
Step 2
switch(config)# ldap search-map map1
switch(config-ldap-search-map)#
Configures an LDAP search map.
Step 3 Example 1
switch(config-ldap-search-map)# userprofile attribute-name description search-filter
"(&(objectClass=inetOrgPerson)(cn=$userid))" base-DN dc=acme,dc=com
Example 2
switch(config-ldap-search-map)# userprofile attribute-name "memberOf" search-filter
"(&(objectClass=inetOrgPerson)(cn=$userid))" base-DN dc=acme,dc=com
(Optional) Configures the attribute name, search filter, and base-DN for the user profile, trusted certificate,
CRL, certificate DN match, public key match, or user-switchgroup lookup search operation. These values are
used to send a search query to the LDAP server.
Note
Specifies the groups to which the user is a member of.
Step 4
switch(config-ldap-search-map)# exit
switch(config)#
Exits LDAP search map configuration mode.
Step 5 switch(config)# show ldap-search-map
(Optional) Displays the configured LDAP search maps.
Step 6
switch# copy running-config startup-config
(Optional) Copies the running configuration to the startup configuration.
Configuring the LDAP Dead-Time Interval
You can configure the dead-time interval for all LDAP servers. The dead-time interval specifies the time that
the Cisco NX-OS device waits, after declaring that an LDAP server is dead, before sending out a test packet
to determine if the server is now alive.
Note When the dead-time interval is 0 minutes, LDAP servers are not marked as dead even if they are not responding.
You can configure the dead-time interval per group.
To configure the LDAP dead-time interval, follow these steps:
Procedure
Step 1
switch# configure terminal
The LDAP search filter string is limited to a maximum of 128 characters.
Cisco MDS 9000 Series Security Configuration Guide, Release 8.x
Configuring the LDAP Dead-Time Interval
51