Ldap Server Connection | Cisco Systems OL-24201-01 manual

Chapter 8 Managing Users and Identity Stores

Managing External Identity Stores

Table 8-7		LDAP: Server Connection Page (continued)

	Option		Description

	Anonymous Access		Click to ensure that searches on the LDAP directory occur anonymously. The server does not
			distinguish who the client is and will allow the client read access to any data that is configured
			accessible to any unauthenticated client.
			In the absence of specific policy permitting authentication information to be sent to a server,
			a client should use an anonymous connection.

	Authenticated Access		Click to ensure that searches on the LDAP directory occur with administrative credentials. If
			so, enter information for the Admin DN and Password fields.

	Admin DN		Enter the distinguished name of the administrator; that is, the LDAP account which, if bound
			to, permits searching all required users under the User Directory Subtree and permits
			searching groups.
			If the administrator specified does not have permission to see the group name attribute in
			searches, group mapping fails for users that LDAP authenticates.

	Password		Enter the LDAP administrator account password.

	Use Secure Authentication		Click to use Secure Sockets Layer (SSL) to encrypt communication between ACS and the
			primary LDAP server. Verify the Port field contains the port number used for SSL on the
			LDAP server. If you enable this option, you must select a root CA.

	Root CA		Select a trusted root certificate authority from the drop-down list box to enable secure
			authentication with a certificate.

	Server Timeout <sec.>		Enter the number of seconds that ACS waits for a response from the primary LDAP server
	Seconds		before determining that the connection or authentication with that server has failed, where
			<sec.> is the number of seconds. Valid values are 1 to 300. (Default = 10.)

	Max Admin Connections		Enter the maximum number of concurrent connections (greater than 0) with LDAP
			administrator account permissions, that can run for a specific LDAP configuration. These
			connections are used to search the directory for users and groups under the User Directory
			Subtree and Group Directory Subtree. Valid values are 1 to 99. (Default = 8.)

	Test Bind To Server		Click to test and ensure that the primary LDAP server details and credentials can successfully
			bind. If the test fails, edit your LDAP server details and retest.

	Secondary Server

	Hostname		Enter the IP address or DNS name of the machine that is running the secondary LDAP
			software. The hostname can contain from 1 to 256 characters or a valid IP address expressed
			as a string. The only valid characters for hostnames are alphanumeric characters (a to z, A to
			Z, 0 to 9), the dot (.), and the hyphen (-).

	Port		Enter the TCP/IP port number on which the secondary LDAP server is listening. Valid values
			are from 1 to 65,535. The default is 389, as stated in the LDAP specification. If you do not
			know the port number, you can find this information by viewing DS Properties on the LDAP
			machine.

	Anonymous Access		Click to verify that searches on the LDAP directory occur anonymously. The server does not
			distinguish who the client is and will allow the client to access (read and update) any data that
			is configured to be accessible to any unauthenticated client.
			In the absence of specific policy permitting authentication information to be sent to a server,
			a client should use an anonymous connection.

	Authenticated Access		Click to ensure that searches on the LDAP directory occur with administrative credentials. If
			so, enter information for the Admin DN and Password fields.

		User Guide for Cisco Secure Access Control System 5.3


	8-28		OL-24201-01
	8-28		OL-24201-01

Cisco Systems OL-24201-01 manual Ldap Server Connection

Models: OL-24201-01

LDAP: Server Connection Page (continued)

Option

OL-24201-01