Cisco Secure ACS 3.0 for Windows 2000/NT Servers User Guide
78-13751-01, Version 3.0
Chapter 11 Working with User Databases: Generic LDAP
Note To specify that Cisco Secure ACS should always use the primary LDAP server first, type 0 (zero) in the Failback Retry Delay box.
Step 20 For the Primary LDAP Server and Secondary LDAP Server tables, follow these steps:
Note If you did not select the On Timeout Use Secondary check box, you do not need to complete the options in the Secondary LDAP Server table.
a. In the Hostname box, type the name or IP address of the machine that is running the LDAP software. If you are using DNS on your network, you can type the hostname instead of the IP address.
b. In the Port box, type the TCP/IP port number on which the LDAP server is listening. The default is 389, as stated in the LDAP specification. If you do not know the port number, you can find this information by viewing those properties on the LDAP server. If you want to use secure authentication, port number 636 is usually used.
c. To specify that CiscoSecure ACS should use LDAP version 3 to communicate with your LDAP database, select the LDAP Version check box. If the LDAP Version check box is not selected, CiscoSecure ACS uses LDAP version 2.
d. The username and password credentials are normally passed over the network to the LDAP directory in clear text. To enhance security, select the Use secure authentication check box.
e. In the Certificate Database Path box, type the path to the cert7.db file, which contains the certificates for the server to be queried and the trusted CA.
f. The Admin DN box requires the fully qualified distinguished name (DN) of the administrator; that is, the LDAP account which, when bound to, permits searches for all required users under the User Directory Subtree.