
LDAP Configuration without a Schema Change

I am trying to configure LDAP on our FOS 6.4.2a switches, some of which are configured with Virtual Fabrics.

The issue I have is that the AD Administrators have no desire to make Schema changes, and in the Admin Guide that is listed as a step.

LDAP configuration and Microsoft Active Directory

(Fabric OS Administrator's Guide, v6.4 Page 111)

   Adding attributes to the Active Directory Schema

    To create a group in Active Directory, refer to or Microsoft documentation. You will need to verify that the schema has the following attributes:

        • Add a new attribute brcdAdVfData as Unicode String.

        • Add brcdAdVfData to the person’s properties.

The commands I know I need to run are:


ldapcfg --maprole BrocadeAdmin Admin

ldapcfg --maprole BrocadeUser User

ldapcfg --maprole BrocadeOperator Operator

ldapcfg --maprole BrocadeSwitchAdmin SwitchAdmin

aaaconfig --add -conf ldap -p 389 -d

aaaconfig --add -conf ldap -p 389 -d

aaaconfig --show

aaaconfig --authspec "ldap;local" -backup

aaaconfig --show

I have seen some blogs online where people talk about setting up AD/LDAP without mentioning a schema change.

Could someone please let me know if it is possible to configure AD/LDAP without needing Schema changes?

Also, if that is possible, when the roles are mapped, is it on all the Virtual Switches or just the FID you run it on?

I ask because there is another team that doesn't need access to half the Virtual Switches.

Thanks in advance.


Re: LDAP Configuration without a Schema Change


There is currently no method available to implement AD/LDAP without schema change. Brocade engineering is aware of this and a method will be made available in the near future.
