Chapter 8 Managing Users and Identity Stores

Managing External Identity Stores

Table 8-7

LDAP: Server Connection Page (continued)

Option
Description

Anonymous Access
Click to ensure that searches on the LDAP directory occur anonymously. The server does not distinguish who the client is and will allow the client read access to any data that is configured to be accessible to any unauthenticated client.

In the absence of specific policy permitting authentication information to be sent to a server, a client should use an anonymous connection.

Authenticated Access
Click to ensure that searches on the LDAP directory occur with administrative credentials. If so, enter information for the Admin DN and Password fields.

Admin DN
Enter the distinguished name of the administrator; that is, the LDAP account which, if bound to, permits searching all required users under the User Directory Subtree and permits searching groups.

If the administrator specified does not have permission to see the group name attribute in searches, group mapping fails for users that LDAP authenticates.

Password
Enter the LDAP administrator account password.

Use Secure Authentication
Click to use Secure Sockets Layer (SSL) to encrypt communication between ACS and the primary LDAP server. Verify that the Port field contains the port number used for SSL on the LDAP server. If you enable this option, you must select a root CA.

Root CA
Select a trusted root certificate authority from the drop-down list box to enable secure authentication with a certificate.

Server Timeout <sec.> Seconds
Enter the number of seconds that ACS waits for a response from the primary LDAP server before determining that the connection or authentication with that server has failed, where <sec.> is the number of seconds. Valid values are 1 to 300. (Default = 10.)

Max Admin Connections
Enter the maximum number of concurrent connections (greater than 0) with LDAP administrator account permissions that can run for a specific LDAP configuration. These connections are used to search the directory for users and groups under the User Directory Subtree and Group Directory Subtree. Valid values are 1 to 99. (Default = 8.)

Test Bind To Server
Click to test and ensure that the primary LDAP server details and credentials can successfully bind. If the test fails, edit your LDAP server details and retest.

Secondary Server

Hostname
Enter the IP address or DNS name of the machine that is running the secondary LDAP software. The hostname can contain from 1 to 256 characters or a valid IP address expressed as a string. The only valid characters for hostnames are alphanumeric characters (a to z, A to Z, 0 to 9), the dot (.), and the hyphen (-).

Port
Enter the TCP/IP port number on which the secondary LDAP server is listening. Valid values are from 1 to 65,535. The default is 389, as stated in the LDAP specification. If you do not know the port number, you can find this information by viewing DS Properties on the LDAP machine.

Anonymous Access
Click to verify that searches on the LDAP directory occur anonymously. The server does not distinguish who the client is and will allow the client to access (read and update) any data that is configured to be accessible to any unauthenticated client.

In the absence of specific policy permitting authentication information to be sent to a server, a client should use an anonymous connection.

Authenticated Access
Click to ensure that searches on the LDAP directory occur with administrative credentials. If so, enter information for the Admin DN and Password fields.
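The value ranges and dependencies in this table (Authenticated Access needs an Admin DN and Password, Use Secure Authentication needs a Root CA and an SSL port) and the bind that Test Bind To Server exercises, as an added example that is not Cisco's code and not part of this guide: a Python check that applies the table's constraints to a settings dictionary, followed by a minimal BER encoder for the LDAPv3 bind request such a configuration produces, so the difference between an anonymous bind (empty DN, empty password) and an administrative simple bind is visible on the wire. The dictionary keys, the sample DN and password, and the two bind responses are all constructed for this example; the defaults (389, 10, 8) and ranges come from the table, and the LDAP tag numbers and result codes from RFC 4511.

```python
import ipaddress
import re

# Defaults stated in the table; the dictionary keys are hypothetical names chosen for this example.
DEFAULTS = {"port": 389, "timeout": 10, "max_admin_connections": 8}
# Hostname rule from the table: 1-256 characters drawn from a-z, A-Z, 0-9, dot and hyphen.
HOSTNAME_RE = re.compile(r"^[A-Za-z0-9.-]{1,256}$")
# LDAP resultCode values (RFC 4511) relevant to a bind test.
RESULT_CODES = {0: "success", 49: "invalidCredentials"}


def validate_ldap_settings(cfg):
    """Return a list of problems; an empty list means the settings meet the table's constraints."""
    cfg = {**DEFAULTS, **cfg}
    problems = []
    host = cfg.get("hostname", "")
    try:
        ipaddress.ip_address(host)  # a valid IP address expressed as a string is accepted as-is
    except ValueError:
        if not HOSTNAME_RE.match(host):
            problems.append("hostname: 1-256 alphanumeric, dot or hyphen characters, or an IP address")
    if not 1 <= cfg["port"] <= 65535:
        problems.append("port: valid values are 1 to 65535")
    if not 1 <= cfg["timeout"] <= 300:
        problems.append("server timeout: valid values are 1 to 300 seconds")
    if not 1 <= cfg["max_admin_connections"] <= 99:
        problems.append("max admin connections: valid values are 1 to 99")
    if not cfg.get("anonymous", False) and not (cfg.get("admin_dn") and cfg.get("password")):
        problems.append("authenticated access: Admin DN and Password are required")
    if cfg.get("use_ssl"):
        if not cfg.get("root_ca"):
            problems.append("secure authentication: a root CA must be selected")
        if cfg["port"] == 389:
            problems.append("secure authentication: port is still the plain-LDAP default 389")
    return problems


# --- Minimal BER encoding of the LDAPv3 BindRequest (RFC 4511) ---

def _ber_len(n):
    """BER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _tlv(tag, payload):
    """One tag-length-value element."""
    return bytes([tag]) + _ber_len(len(payload)) + payload


def _ber_int(value):
    """INTEGER with a minimal two's-complement body (enough for message IDs and the version)."""
    body = value.to_bytes(max(1, (value.bit_length() + 8) // 8), "big", signed=True)
    return _tlv(0x02, body)


def build_bind_request(message_id, dn, password):
    """LDAPMessage { messageID, BindRequest [APPLICATION 0] { version 3, name, simple [0] } }.

    Anonymous Access is an empty DN and empty password. Authenticated Access sends
    the Admin DN and password verbatim: simple bind has no protection of its own,
    which is what Use Secure Authentication (SSL) adds.
    """
    bind = _ber_int(3) + _tlv(0x04, dn.encode()) + _tlv(0x80, password.encode())
    return _tlv(0x30, _ber_int(message_id) + _tlv(0x60, bind))


def parse_bind_result(msg):
    """Extract resultCode from a BindResponse [APPLICATION 1]; assumes short-form lengths."""
    if msg[0] != 0x30 or msg[2] != 0x02:
        raise ValueError("not an LDAPMessage")
    i = 4 + msg[3]  # skip the SEQUENCE header and the messageID element
    if msg[i] != 0x61 or msg[i + 2] != 0x0A:
        raise ValueError("not a BindResponse")
    code_len = msg[i + 3]
    return int.from_bytes(msg[i + 4:i + 4 + code_len], "big")


if __name__ == "__main__":
    # Constructed settings for a primary server using Authenticated Access over SSL.
    cfg = {"hostname": "ldap.example.com", "admin_dn": "cn=acsbind,ou=svc,dc=example,dc=com",
           "password": "s3cret", "use_ssl": True, "root_ca": "Corp Root CA", "port": 636}
    print("problems:", validate_ldap_settings(cfg))
    req = build_bind_request(1, cfg["admin_dn"], cfg["password"])
    print("simple bind carries the password in clear:", cfg["password"].encode() in req)
    # Constructed BindResponse bytes: success, then invalidCredentials (code 49).
    for hx in ("300c02010161070a010004000400", "300c02010161070a013104000400"):
        print(RESULT_CODES.get(parse_bind_result(bytes.fromhex(hx)), "other"))
```

The validator reports every violated rule at once rather than stopping at the first, which is the behaviour an administrator wants from a form check; the "port is still 389" warning reflects the table's instruction to verify the Port field when SSL is enabled. The `parse_bind_result` walker deliberately handles only short-form lengths, which is sufficient for bind responses but not for search results.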
User Guide for Cisco Secure Access Control System 5.3
8-28
OL-24201-01