Chapter 8 Managing Users and Identity Stores

Managing External Identity Stores

Table 8-7    LDAP: Server Connection Page (continued)

Option                       Description
---------------------------  -------------------------------------------------------------------------
Admin DN                     Enter the distinguished name (DN) of the administrator; that is, the LDAP
                             account which, if bound to, permits searching for all required users under
                             the User Directory Subtree and permits searching groups.
                             If the administrator specified does not have permission to see the group
                             name attribute in searches, group mapping fails for users that LDAP
                             authenticates.

Password                     Type the LDAP administrator account password. Note that an LDAP simple
                             bind sends this password to the server in the clear unless Use Secure
                             Authentication is enabled.

Use Secure Authentication    Click to use Secure Sockets Layer (SSL) to encrypt communication between
                             ACS and the secondary LDAP server. Verify that the Port field contains the
                             port number used for SSL on the LDAP server (LDAPS listens on 636 by
                             default, not on the plaintext port 389). If you enable this option, you
                             must select a root CA.

Root CA                      Select a trusted root certificate authority from the drop-down list box to
                             enable secure authentication with a certificate. The LDAP server's
                             certificate must chain to this CA, otherwise the secure connection fails.

Server Timeout <sec.>        Type the number of seconds that ACS waits for a response from the
Seconds                      secondary LDAP server before determining that the connection or
                             authentication with that server has failed, where <sec.> is the number of
                             seconds. Valid values are 1 to 300. (Default = 10.)

Max Admin Connections        Type the maximum number of concurrent connections (greater than 0) with
                             LDAP administrator account permissions that can run for a specific LDAP
                             configuration. These connections are used to search the directory for
                             users and groups under the User Directory Subtree and Group Directory
                             Subtree. Valid values are 1 to 99. (Default = 8.)

Test Bind To Server          Click to test and ensure that the secondary LDAP server details and
                             credentials can successfully bind. If the test fails, edit your LDAP
                             server details and retest.


Step 2 Click Next.

Step 3 Continue with Configuring External LDAP Directory Organization, page 8-29.
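The following is an added example, not code from this user guide or from Cisco ACS. It reproduces what the Server Connection page's Test Bind To Server button checks: it hand-encodes an LDAPv3 simple BindRequest (RFC 4511, BER) so it needs only the Python standard library, optionally wraps the TCP connection in TLS anchored to the selected root CA (Use Secure Authentication plus Root CA), applies the Server Timeout range from the table, and decodes the BindResponse result code. The host name, bind DN, password and CA file path are made-up assumptions, and the sample responses parsed in the test are constructed by hand.

```python
"""Stand-alone equivalent of the Server Connection page's "Test Bind To Server".

Added example, not Cisco ACS code. Only the standard library is used; the LDAP
messages are encoded by hand. Host, DN, password and CA path are assumptions.
"""
import socket
import ssl

SUCCESS = 0               # LDAP resultCode success
INVALID_CREDENTIALS = 49  # LDAP resultCode invalidCredentials


def ber_len(n: int) -> bytes:
    """BER length octets: short form below 128, else 0x80|N followed by N bytes."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def tlv(tag: int, payload: bytes) -> bytes:
    """One BER tag-length-value element."""
    return bytes([tag]) + ber_len(len(payload)) + payload


def ber_int(value: int) -> bytes:
    """INTEGER (tag 0x02), two's-complement, minimal number of octets."""
    nbytes = max(1, (value.bit_length() + 8) // 8)
    return tlv(0x02, value.to_bytes(nbytes, "big", signed=True))


def bind_request(message_id: int, bind_dn: str, password: str) -> bytes:
    """LDAPMessage { messageID, BindRequest [APPLICATION 0] { version 3, name, simple [0] } }.

    The password travels as a plain OCTET STRING; only TLS protects it on the wire.
    """
    auth = tlv(0x80, password.encode("utf-8"))  # AuthenticationChoice simple [0]
    bind = tlv(0x60, ber_int(3) + tlv(0x04, bind_dn.encode("utf-8")) + auth)
    return tlv(0x30, ber_int(message_id) + bind)


def read_tlv(buf: bytes, pos: int = 0):
    """Decode the element at buf[pos:]; return (tag, value, position after it)."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:
        length = first
    else:
        n = first & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def parse_bind_response(msg: bytes):
    """Return (messageID, resultCode, diagnosticMessage) from a BindResponse LDAPMessage."""
    tag, body, _ = read_tlv(msg)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage SEQUENCE")
    _, mid, pos = read_tlv(body)
    tag, result, _ = read_tlv(body, pos)
    if tag != 0x61:
        raise ValueError("expected BindResponse [APPLICATION 1], got tag 0x%02x" % tag)
    _, code, pos = read_tlv(result)              # resultCode ENUMERATED
    _, _matched_dn, pos = read_tlv(result, pos)  # matchedDN (normally empty)
    _, diag, _ = read_tlv(result, pos)           # diagnosticMessage
    return (int.from_bytes(mid, "big", signed=True),
            int.from_bytes(code, "big", signed=True),
            diag.decode("utf-8", errors="replace"))


def bind_check(host, port, bind_dn, password, use_ssl=False, root_ca=None, timeout=10):
    """Connect as the Server Connection page describes; return (resultCode, diagnostic)."""
    if not 1 <= timeout <= 300:
        raise ValueError("Server Timeout must be 1..300 seconds")
    if use_ssl and not root_ca:
        raise ValueError("Use Secure Authentication requires a Root CA")
    sock = socket.create_connection((host, port), timeout=timeout)
    try:
        if use_ssl:
            # Trust only the selected root CA and verify the server's name, so the
            # admin password is never handed to an impostor on the LDAPS port.
            ctx = ssl.create_default_context(cafile=root_ca)
            sock = ctx.wrap_socket(sock, server_hostname=host)
        sock.sendall(bind_request(1, bind_dn, password))
        reply = sock.recv(65536)  # a BindResponse is small; nothing follows it
    finally:
        sock.close()
    return parse_bind_response(reply)[1:]


if __name__ == "__main__":
    # Assumed values; substitute the fields entered on the ACS page.
    code, diag = bind_check("ldap.example.com", 636,
                            "cn=acs-bind,ou=service,dc=example,dc=com", "changeme",
                            use_ssl=True, root_ca="/etc/pki/root-ca.pem")
    print("bind ok" if code == SUCCESS else "bind failed: %d %s" % (code, diag))
```

A result code of 49 (invalidCredentials) with a short diagnostic confirms the server and port are right but the Admin DN or Password is wrong; a TLS error before any LDAP traffic means the Root CA does not match the server's certificate chain, and a timeout at the configured Server Timeout means the host or port is unreachable.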

Configuring External LDAP Directory Organization

Use this page to configure an external LDAP identity store.

Step 1 Select Users and Identity Stores > External Identity Stores > LDAP, then click any of the following:

Create and follow the wizard until you reach the Directory Organization page.

Duplicate, then click Next until the Directory Organization page appears.

Edit, then click Next until the Directory Organization page appears.

User Guide for Cisco Secure Access Control System 5.3
OL-24201-01
8-29
