Cisco 3.3 User Manual

Page 532


Chapter 13 User Databases

Generic LDAP

13-48

User Guide for Cisco Secure ACS for Windows Server

78-16592-01

Step 20

For the Primary LDAP Server and Secondary LDAP Server tables, follow these
steps:

Note

If you did not select the On Timeout Use Secondary check box, you do
not need to complete the options in the Secondary LDAP Server table.

a. In the Hostname box, type the name or IP address of the server that is running
the LDAP software. If you are using DNS on your network, you can type the
hostname instead of the IP address.

b. In the Port box, type the TCP/IP port number on which the LDAP server is
listening. The default is 389, as stated in the LDAP specification. If you do
not know the port number, you can find this information by viewing those
properties on the LDAP server. If you want to use secure authentication, port
636 is usually used.

c. To specify that Cisco Secure ACS should use LDAP version 3 to
communicate with your LDAP database, select the LDAP Version check box.
If the LDAP Version check box is not selected, Cisco Secure ACS uses LDAP
version 2.

d. The username and password credentials are normally passed over the network
to the LDAP directory in clear text. To enhance security, select the Use secure
authentication check box.

e. In the Certificate Database Path box, type the path to the cert7.db file, which
contains the certificates for the server to be queried and the trusted CA.

f. The Admin DN box requires the fully qualified distinguished name (DN) of the
administrator; that is, the LDAP account which, if bound to, permits searches
for all required users under the User Directory Subtree.

In the Admin DN box, type the following information from your LDAP
server:

uid=user id,[ou=organizational unit,][ou=next organizational unit]o=organization

where user id is the username,

organizational unit is the last level of the tree, and

next organizational unit is the next level up the tree.
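The following is an added example, not part of the Cisco manual, that checks an LDAP server entry against what Step 20 describes: the Admin DN layout (uid, zero or more ou levels, then o), the clear-text bind when Use secure authentication is left unchecked, the LDAP version 2 fallback, and the cert7.db path. The dictionary keys (hostname, port, ldap_v3, secure_auth, admin_dn, cert_db_path) and the two sample entries are assumptions made for this script, not ACS field names.

```python
import re

# Split a DN on commas that are not escaped with a backslash (assumed: no other escaping).
_RDN_SPLIT = re.compile(r'(?<!\\),')
_RDN = re.compile(r'^([A-Za-z]+)=(.+)$')


def parse_dn(dn):
    """Return the DN as a list of (attribute, value) pairs, leaf entry first."""
    rdns = []
    for part in _RDN_SPLIT.split(dn):
        m = _RDN.match(part.strip())
        if not m:
            raise ValueError("malformed RDN: %r" % part)
        rdns.append((m.group(1).lower(), m.group(2)))
    return rdns


def admin_dn_ok(dn):
    """True if dn follows uid=user id,[ou=...,]...o=organization as the manual lays it out."""
    try:
        attrs = [attr for attr, _ in parse_dn(dn)]
    except ValueError:
        return False
    if len(attrs) < 2 or attrs[0] != "uid" or attrs[-1] != "o":
        return False
    return all(attr == "ou" for attr in attrs[1:-1])


def audit_ldap_settings(cfg):
    """Return findings for one Primary/Secondary LDAP Server entry (empty list = nothing to flag)."""
    findings = []
    if not cfg.get("secure_auth"):
        findings.append("bind credentials cross the network in clear text (Use secure authentication unchecked)")
    elif cfg.get("port") != 636:
        findings.append("secure authentication enabled but port is %s, not the usual 636" % cfg.get("port"))
    if cfg.get("secure_auth") and not str(cfg.get("cert_db_path", "")).endswith("cert7.db"):
        findings.append("Certificate Database Path should point at the cert7.db file")
    if not cfg.get("ldap_v3"):
        findings.append("LDAP Version unchecked: Cisco Secure ACS falls back to LDAP version 2")
    if not admin_dn_ok(cfg.get("admin_dn", "")):
        findings.append("Admin DN does not follow the uid=...,[ou=...,]o=... layout")
    return findings


# Constructed sample entries: a weak configuration and its hardened counterpart.
WEAK = {"hostname": "ldap.example.test", "port": 389, "ldap_v3": False, "secure_auth": False,
        "admin_dn": "uid=acsadmin,ou=people,o=example", "cert_db_path": ""}
HARDENED = {"hostname": "ldap.example.test", "port": 636, "ldap_v3": True, "secure_auth": True,
            "admin_dn": "uid=acsadmin,ou=people,ou=corp,o=example", "cert_db_path": r"C:\certs\cert7.db"}
```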
