Chapter 11 Working with User Databases
Generic LDAP
11-32
User Guide for Cisco Secure ACS for Windows Server
78-14696-01, Version 3.1
Step 20  For the Primary LDAP Server and Secondary LDAP Server tables, follow these steps:

Note  If you did not select the On Timeout Use Secondary check box, you do not need to complete the options in the Secondary LDAP Server table.

a. In the Hostname box, type the name or IP address of the server that is running the LDAP software. If you are using DNS on your network, you can type the hostname instead of the IP address.

b. In the Port box, type the TCP/IP port number on which the LDAP server is listening. The default is 389, as stated in the LDAP specification. If you do not know the port number, you can find this information by viewing those properties on the LDAP server. If you want to use secure authentication, port 636 is usually used.

c. To specify that Cisco Secure ACS should use LDAP version 3 to communicate with your LDAP database, select the LDAP Version check box. If the LDAP Version check box is not selected, Cisco Secure ACS uses LDAP version 2.

d. The username and password credentials are normally passed over the network to the LDAP directory in clear text. To enhance security, select the Use secure authentication check box.

e. In the Certificate Database Path box, type the path to the cert7.db file, which contains the certificates for the server to be queried and the trusted CA.
f. The Admin DN box requires the fully qualified distinguished name (DN) of the administrator; that is, the LDAP account which, if bound to, permits searches for all required users under the User Directory Subtree.

In the Admin DN box, type the following information from your LDAP server:

uid=user id,[ou=organizational unit,][ou=next organizational unit]o=organization

where
user id is the username,
organizational unit is the last level of the tree, and
next organizational unit is the next level up the tree.
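The settings in Step 20 interact: secure authentication needs the cert7.db path and normally port 636, an unselected LDAP Version box means version 2, and the Secondary table only matters when On Timeout Use Secondary is set. The following added example (not code from the Cisco Secure ACS guide) models one server table, builds the Admin DN in the form shown under sub-step f, and audits a clear-text configuration beside its hardened form; the field names, messages and sample tables are this example's own assumptions.

```python
# Added example, not code from the Cisco Secure ACS guide: models one LDAP server table from
# Step 20 and flags the weak settings its sub-steps warn about. Names and samples are assumptions.
from dataclasses import dataclass

LDAP_PORT = 389   # default, as stated in the LDAP specification (sub-step b)
LDAPS_PORT = 636  # port usually used for secure authentication (sub-step b)

@dataclass
class LdapServerTable:
    hostname: str
    port: int = LDAP_PORT
    ldap_version_3: bool = False         # "LDAP Version" box; unselected means version 2
    secure_authentication: bool = False  # "Use secure authentication" box
    certificate_db_path: str = ""        # path to cert7.db (sub-step e)
    admin_dn: str = ""                   # fully qualified DN of the admin account (sub-step f)

def build_admin_dn(user_id: str, org_units: list, organization: str) -> str:
    """Assemble uid=...,[ou=...,][ou=...]o=... as in sub-step f; org_units runs from the
    last level of the tree upward, and LDAP separates DN components with commas."""
    rdns = [f"uid={user_id}"] + [f"ou={ou}" for ou in org_units] + [f"o={organization}"]
    return ",".join(rdns)

def audit_server_table(t: LdapServerTable) -> list:
    # Return the settings that leave the admin bind weaker than Step 20 allows.
    findings = []
    if not t.secure_authentication:
        findings.append("secure authentication off: bind credentials cross the network in clear text")
    if t.secure_authentication and not t.certificate_db_path:
        findings.append("secure authentication needs a Certificate Database Path (cert7.db)")
    if t.secure_authentication and t.port != LDAPS_PORT:
        findings.append(f"secure authentication on port {t.port}; LDAPS usually uses {LDAPS_PORT}")
    if not t.ldap_version_3:
        findings.append("LDAP Version unselected: ACS falls back to LDAP version 2")
    if not t.admin_dn.startswith("uid="):
        findings.append("Admin DN is not a fully qualified DN starting with uid=")
    return findings

def audit_config(primary: LdapServerTable, secondary: "LdapServerTable | None",
                 on_timeout_use_secondary: bool) -> list:
    # The Secondary table only matters when On Timeout Use Secondary is selected (Step 20 note).
    findings = ["primary: " + f for f in audit_server_table(primary)]
    if on_timeout_use_secondary:
        if secondary is None:
            findings.append("secondary: On Timeout Use Secondary is set but the table is empty")
        else:
            findings += ["secondary: " + f for f in audit_server_table(secondary)]
    return findings

WEAK = LdapServerTable(hostname="ldap.example.test", admin_dn="acsadmin")  # constructed: clear-text v2
HARDENED = LdapServerTable(hostname="ldap.example.test", port=LDAPS_PORT, ldap_version_3=True,
    secure_authentication=True, certificate_db_path=r"C:\certs\cert7.db",
    admin_dn=build_admin_dn("acsadmin", ["Engineering", "Corp"], "example"))
```

Running audit_config(WEAK, None, False) lists the three weaknesses of the clear-text table, while audit_config(HARDENED, None, False) returns an empty list.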