Brocade Fibre Channel Networking Community


LDAP Configuration without a Schema Change

  • 1.  LDAP Configuration without a Schema Change

    Posted 03-28-2013 05:13 AM

    I am trying to configure LDAP on our FOS 6.4.2a switches, some of which are configured with Virtual Fabrics.

    The issue I have is that the AD Administrators have no desire to make Schema changes, and in the Admin Guide that is listed as a step.

    LDAP configuration and Microsoft Active Directory

    (Fabric OS Administrator's Guide, v6.4 Page 111)

       Adding attributes to the Active Directory Schema

        To create a group in Active Directory, refer to www.microsoft.com or Microsoft documentation. You will need to verify that the schema has the following attributes:

            • Add a new attribute brcdAdVfData as Unicode String.

            • Add brcdAdVfData to the person’s properties.

    The Commands I know I need to run are:

    ldapcfg --maprole BrocadeAdmin Admin
    ldapcfg --maprole BrocadeUser User
    ldapcfg --maprole BrocadeOperator Operator
    ldapcfg --maprole BrocadeSwitchAdmin SwitchAdmin
    aaaconfig --add 10.30.50.70 -conf ldap -p 389 -d our.ad
    aaaconfig --add 10.30.55.70 -conf ldap -p 389 -d our.ad
    aaaconfig --show
    aaaconfig --authspec "ldap;local" -backup
    aaaconfig --show

    I have seen some blogs online where people talk about setting up AD/LDAP without mentioning a schema change.

    Could someone please let me know if it is possible to configure AD/LDAP without needing Schema changes?

    Also if that is possible when the roles are mapped is it on all the Virtual Switches or just the FID you run it on?

    I ask because there is another team that doesn't need access to half the Virtual Switches

    Thanks in advance.


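    As an added example (not part of the original post or of Brocade's documentation): before handing the Admin Guide's schema step to the AD team, the AD side of this setup can be checked from a domain-joined host with the ActiveDirectory PowerShell module. The script below reports whether the brcdAdVfData attribute the guide asks for already exists in the schema, whether it is attached to the person/user classes, and, for one test account, whether the attribute is populated and which Brocade* groups (the ones the ldapcfg --maprole commands above map to FOS roles) the account belongs to. The account name jdoe and the group name prefix are assumptions; the attribute name and group names come from the post.

```powershell
# Added example, not from the original post or from Brocade. Requires the
# ActiveDirectory module (RSAT) on a domain-joined host with read access to AD.
Import-Module ActiveDirectory

$attrName = 'brcdAdVfData'          # attribute named in the FOS 6.4 Admin Guide
$testUser = 'jdoe'                  # assumed sAMAccountName of an account to inspect
$groupPrefix = 'Brocade*'           # assumed naming convention for the mapped AD groups
$schemaNC = (Get-ADRootDSE).schemaNamingContext

# 1. Does the attribute exist in the schema at all?
$attr = Get-ADObject -SearchBase $schemaNC `
    -LDAPFilter "(&(objectClass=attributeSchema)(lDAPDisplayName=$attrName))" `
    -Properties lDAPDisplayName, attributeSyntax, isSingleValued

if (-not $attr) {
    Write-Host "$attrName is NOT defined in the schema; the guide's schema extension has not been done."
} else {
    # 2.5.5.12 is the attributeSyntax OID for Unicode String, the type the guide specifies.
    $syntaxOk = $attr.attributeSyntax -eq '2.5.5.12'
    Write-Host ("{0} exists: syntax={1} (UnicodeString={2}), singleValued={3}" -f
        $attrName, $attr.attributeSyntax, $syntaxOk, $attr.isSingleValued)

    # 2. Is it attached to the person class chain the guide calls "the person's properties"?
    foreach ($className in 'person', 'organizationalPerson', 'user') {
        $cls = Get-ADObject -SearchBase $schemaNC `
            -LDAPFilter "(&(objectClass=classSchema)(lDAPDisplayName=$className))" `
            -Properties mayContain, systemMayContain
        $attached = ($cls.mayContain -contains $attrName) -or ($cls.systemMayContain -contains $attrName)
        Write-Host ("  class {0,-22} carries {1}: {2}" -f $className, $attrName, $attached)
    }

    # 3. Is the attribute actually populated on the test account?
    # (Only valid once the attribute is in the schema, otherwise Get-ADUser rejects the property name.)
    try {
        $u = Get-ADUser -Identity $testUser -Properties $attrName
        $value = $u.$attrName
        if ([string]::IsNullOrEmpty($value)) {
            Write-Host "$testUser has no $attrName value set."
        } else {
            Write-Host "$testUser $attrName = '$value'"
        }
    } catch {
        Write-Host "Could not read $attrName for ${testUser}: $($_.Exception.Message)"
    }
}

# 4. Which of the mapped groups is the account in? These are the group names the
#    ldapcfg --maprole commands bind to FOS roles, so membership here decides the role.
$groups = Get-ADPrincipalGroupMembership -Identity $testUser |
    Where-Object { $_.Name -like $groupPrefix } |
    Select-Object -ExpandProperty Name
if ($groups) {
    Write-Host "$testUser is a member of: $($groups -join ', ')"
} else {
    Write-Host "$testUser is in no group matching $groupPrefix; no FOS role would be mapped."
}
```

    Run it as a user with ordinary read access to the domain; nothing in it modifies AD. Step 1 returning nothing is the concrete confirmation that the schema extension the guide lists has not been made, and step 4 shows whether the group-to-role mapping would apply to a given account independently of that.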


  • 2.  Re: LDAP Configuration without a Schema Change

    Posted 03-29-2013 02:39 PM


    Martin,

    There is currently no method available to implement AD/LDAP without schema change. Brocade engineering is aware of this and a method will be made available in the near future.

