User Guide for Cisco Security Manager 4.4
OL-28826-01
Chapter 6 Managing Policy Objects
Understanding AAA Server and Server Group Objects
AAA Server Dialog Box—LDAP Settings
Use the LDAP settings in the AAA Server dialog box to configure an LDAP AAA server object.
Note: This type of AAA server can be configured only on ASA, PIX 7.x+, FWSM 3.1+, and IOS devices.
Navigation Path
Go to the Add or Edit AAA Server Dialog Box (page 6-30) and select LDAP in the Protocol field.
Related Topics
Creating AAA Server Objects, page 6-29
Understanding AAA Server and Server Group Objects, page 6-24
AAA Server Group Dialog Box, page 6-46
Field Reference
Table 6-11 AAA Server Dialog Box—LDAP Settings

Element
    Description

Enable LDAP over SSL/Secure Communication
    Whether to establish a secure SSL connection between the device and the LDAP server.
    Tip: You must select this option when using a Microsoft Active Directory LDAP server in order to enable password management.

No Negotiation (IOS only.)
    When selected, this checkbox precludes further negotiation and moves to accept the channels previously established and accepted.

Server Port
    The port used for communicating with the AAA server. The default is 389.

Login Directory
    The name of the username or directory object in the LDAP hierarchy used for authenticated binding (maximum of 128 characters).
    Authenticated binding is required by some LDAP servers (including the Microsoft Active Directory server) before other LDAP operations can be performed. This field describes the authentication characteristics of the device. These characteristics should correspond to those of a user with administrator privileges.
    This string is case-sensitive. Spaces are not permitted in the string, but other special characters are allowed.
    Typically, this is a username such as DOMAIN\Administrator. However, you can use the more traditional format too, for example, cn=Administrator,OU=Employees,DN=example,DN=com.

Login Password
    The case-sensitive, alphanumeric password for accessing the LDAP server (maximum of 64 characters). Spaces are not allowed.

Encrypted (IOS)
    Whether the login password is encrypted.
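
The following is an added example, not part of the Cisco guide: a small audit that checks ASA-style LDAP server entries against the SSL and Login Directory rules in the table above. It assumes the ASA CLI commands `aaa-server ... protocol ldap`, `ldap-over-ssl enable` and `ldap-login-dn` are the deployed form of these dialog fields; the configuration text, group names and addresses are constructed sample data.

```python
import re

# Constructed ASA-style config (sample data, not from the guide).
SAMPLE_CONFIG = """\
aaa-server CORP_LDAP protocol ldap
aaa-server CORP_LDAP (inside) host 192.0.2.10
 ldap-login-dn cn=LDAP Admin,OU=Employees,DC=example,DC=com
aaa-server CORP_LDAPS protocol ldap
aaa-server CORP_LDAPS (inside) host 192.0.2.11
 ldap-over-ssl enable
 ldap-login-dn EXAMPLE\\Administrator
"""

PROTO_RE = re.compile(r"^aaa-server (\S+) protocol (\S+)")
HOST_RE = re.compile(r"^aaa-server (\S+) \(\S+\) host (\S+)")

def parse_ldap_hosts(config):
    """Collect the sub-commands of every host that belongs to an LDAP group."""
    ldap_groups, hosts, current = set(), [], None
    for line in config.splitlines():
        if line.startswith(" "):
            if current is not None:  # indented line: a setting of the current host
                key, _, value = line.strip().partition(" ")
                current[key] = value
            continue
        current = None
        if (m := PROTO_RE.match(line)) and m.group(2) == "ldap":
            ldap_groups.add(m.group(1))
        elif (m := HOST_RE.match(line)) and m.group(1) in ldap_groups:
            current = {"group": m.group(1), "host": m.group(2)}
            hosts.append(current)
    return hosts

def audit(host):
    """Check one host entry against the SSL and Login Directory rules."""
    findings = []
    if host.get("ldap-over-ssl") != "enable":
        findings.append("LDAP over SSL not enabled")
    dn = host.get("ldap-login-dn", "")
    if not dn or len(dn) > 128 or " " in dn:
        findings.append("login directory missing, over 128 chars, or has a space")
    return findings

def audit_config(config):
    return {h["host"]: audit(h) for h in parse_ldap_hosts(config)}

if __name__ == "__main__":
    for host, findings in audit_config(SAMPLE_CONFIG).items():
        print(host, findings or "ok")
```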