Guest

Preview Tool

Cisco Bug: CSCvt74289 - DOC: LDAP Configuration Example should specify sAMAccountName instead of cn in search-filter

Last Modified

Apr 09, 2020

Products (1)

  • Cisco Nexus 9000 Series Switches

Known Affected Releases

7.0(3)I7(8) 9.2(4) 9.3(3)

Description (partial)

Symptom:
Documentation bug opened to modify the search-filter listed in the LDAP configuration guide for Nexus 9K

Please modify the search-filter expression in the following userprofile with
userprofile attribute-name att-name search-filter
(&(objectClass=inetOrgPerson)(cn=$userid)) base-DN dc=acme,dc=com


With the following:
userprofile attribute-name att-name search-filter "(&(objectClass=Person)(sAMAccountName=$userid))" base-DN dc=acme,dc=com

Would also be helpful to give the customer an example of how they can VALIDATE the authentication is working using the following:

! failing
test aaa group LdapServer user <user-password>
user has failed authentication

! working
test aaa group LdapServer user <user-password>
user has been authenticated

Conditions:
9K configuration guides
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.