Cisco Support Community
Community Member

How to configure LDAP on 3750x

I've done some reading and it looks like it is possible to configure a Cisco switch to use LDAP authentication, but I'm struggling with what to do next. I'd rather not use RADIUS or TACACS+ as they both require additional configuration on the LDAP server. Am I correct that IOS can just use LDAP?


I've been using this guide, but can only seem to get halfway there.


I'm using Version 15.0(2)SE6 on a 3750X IP-based switch and my LDAP server is a Windows 2008 R2 box. Here is what I have so far:

aaa new-model
aaa group server ldap DOMAIN

ldap attribute-map NetworkAdmins
ldap server
 transport port 636
 bind authenticate root-dn "cn=ldap_svc,ou=service accounts,out=users,,dc=mydomain,dc=com" password 7 PASSWORD
 base-dn ou=users,,dc=mydomain,dc=com
 mode secure
 authentication bind-first
 authentication compare

If I’m understanding this correctly, I have to configure an LDAP server, then tell AAA to use that LDAP server. I think I need to configure an ldap attribute-map but can't figure out the syntax. How do I tell it to use a specific group, and how do I configure SSH or the console to use LDAP?


Thanks in advance

Community Member

Per Cisco:


"AAA does not support using an LDAP method for interactive login authentication."
