I am trying to configure LDAP on our FOS 6.4.2a switches, some of which are configured with Virtual Fabrics.
The issue I have is that the AD Administrators have no desire to make Schema changes, and in the Admin Guide that is listed as a step.
LDAP configuration and Microsoft Active Directory
(Fabric OS Administrator's Guide, v6.4 Page 111)
Adding attributes to the Active Directory Schema
To create a group in Active Directory, refer to www.microsoft.com or Microsoft documentation. You will need to verify that the schema has the following attributes:
• Add a new attribute brcdAdVfData as Unicode String.
• Add brcdAdVfData to the person’s properties.
The Commands I know I need to run are:
ldapcfg --maprole BrocadeAdmin Admin
ldapcfg --maprole BrocadeUser User
ldapcfg --maprole BrocadeOperator Operator
ldapcfg --maprole BrocadeSwitchAdmin SwitchAdmin
aaaconfig --add 10.30.50.70 -conf ldap -p 389 -d our.ad
aaaconfig --add 10.30.55.70 -conf ldap -p 389 -d our.ad
aaaconfig --authspec “ldap;local” -backup
I have seen some blogs online where people talk about setting up AD/LDAP without mentioning a schema change.
Could someone please let me know if it is possible to configure AD/LDAP without needing Schema changes?
Also if that is possible when the roles are mapped is it on all the Virtual Switches or just the FID you run it on?
I ask because there is another team that doesn't need access to half the Virtual Switches
Thanks in advance.
There is currently no method available to implement AD/LDAP without schema change. Brocade engineering is aware of this and a method will be made available in the near future.