Cisco ASA Series Cli Configuration Manual page 891

Software version 9.0 for the services module
Chapter 1
Configuring the Identity Firewall
Task Flow for Configuring the Identity Firewall

Step 5
Command: hostname(config-aaa-server-host)# ldap-login-password string
Example: hostname(config-aaa-server-host)# ldap-login-password obscurepassword
Purpose: Specifies the login password for the LDAP server.

Step 6
Command: hostname(config-aaa-server-host)# ldap-login-dn string
Example: hostname(config-aaa-server-host)# ldap-login-dn SAMPLE\user1
Purpose: Specifies the name of the directory object that the system should bind as. The ASA identifies itself for authenticated binding by attaching a Login DN field to the user authentication request. The Login DN field describes the authentication characteristics of the ASA.
Where string is a case-sensitive string of up to 128 characters that specifies the name of the directory object in the LDAP hierarchy. Spaces are not permitted in the string, but other special characters are allowed.
You can specify the traditional or simplified format. The traditional ldap-login-dn format includes: CN=username,OU=Employees,OU=Sample Users,DC=sample,DC=com. The simplified format (as in the SAMPLE\user1 example) is accepted also.

Step 7
Command: hostname(config-aaa-server-host)# server-type microsoft
Purpose: Configures the LDAP server model for the Microsoft Active Directory server.

Step 8
Command: hostname(config-aaa-server-host)# ldap-group-base-dn string
Example: hostname(config-aaa-server-host)# ldap-group-base-dn OU=Sample Groups,DC=SAMPLE,DC=com
Purpose: Specifies the location of the Active Directory groups configuration in the Active Directory domain controller. If not specified, the value in ldap-base-dn is used.
Specifying the ldap-group-base-dn command is optional.

Step 9
Command: hostname(config-aaa-server-host)# ldap-over-ssl enable
Purpose: Allows the ASA to access the Active Directory domain controller over SSL. To support LDAP over SSL, the Active Directory server needs to be configured to have this support.
By default, Active Directory does not have SSL configured. If SSL is not configured on Active Directory, you do not need to configure it on the ASA for the Identity Firewall.

Step 10
Command: hostname(config-aaa-server-host)# server-port port-number
Examples:
hostname(config-aaa-server-host)# server-port 389
hostname(config-aaa-server-host)# server-port 636
Purpose: By default, if ldap-over-ssl is not enabled, the default server-port is 389; if ldap-over-ssl is enabled, the default server-port is 636.

Step 11
Command: hostname(config-aaa-server-host)# group-search-timeout seconds
Example: hostname(config-aaa-server-host)# group-search-timeout 300
Purpose: Sets the amount of time before LDAP queries time out.
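The following audit script is an added example, not part of the Cisco guide: it parses a constructed aaa-server host block in running-config style and checks it against the rules in steps 6, 9 and 10 above (ldap-login-dn length and no-spaces limit, the 389/636 default ports, and whether ldap-over-ssl protects the login-DN bind). The server name, interface and host address in the sample are made up.

```python
"""Audit an ASA 'aaa-server ... host' LDAP block against the Identity
Firewall rules above. Added example, not Cisco's own code; the server
name, interface and host address in the sample are invented."""

# Constructed running-config style fragment: ldap-over-ssl is absent and
# the port is the cleartext default, so the session carrying the
# ldap-login-dn bind and ldap-login-password is unencrypted.
WEAK_CONFIG = """\
aaa-server AD-LDAP protocol ldap
aaa-server AD-LDAP (inside) host 192.0.2.10
 ldap-base-dn DC=SAMPLE,DC=com
 ldap-login-password obscurepassword
 ldap-login-dn SAMPLE\\user1
 server-type microsoft
 ldap-group-base-dn OU=Sample Groups,DC=SAMPLE,DC=com
 server-port 389
 group-search-timeout 300
"""

# Same block with LDAP over SSL enabled and the matching LDAPS port.
HARDENED_CONFIG = WEAK_CONFIG.replace(
    " server-port 389", " ldap-over-ssl enable\n server-port 636")


def parse_host_block(text):
    """Map each indented subcommand keyword to its argument string."""
    settings = {}
    for line in text.splitlines():
        if line.startswith(" "):  # subcommands are indented one space
            keyword, _, arg = line.strip().partition(" ")
            settings[keyword] = arg
    return settings


def audit(settings):
    """Return a list of findings; an empty list means the block passes."""
    findings = []
    ssl = settings.get("ldap-over-ssl") == "enable"
    # server-port defaults to 389 without ldap-over-ssl and 636 with it.
    port = int(settings.get("server-port", 636 if ssl else 389))
    if not ssl:
        findings.append("ldap-over-ssl not enabled: login-DN bind is unencrypted")
    elif port == 389:
        findings.append("ldap-over-ssl enabled but server-port 389 (LDAPS default is 636)")
    login_dn = settings.get("ldap-login-dn", "")
    if not login_dn or " " in login_dn or len(login_dn) > 128:
        findings.append("ldap-login-dn missing, contains spaces, or exceeds 128 characters")
    return findings


if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit(parse_host_block(text)) or ["ok"])
```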
Cisco ASA Series CLI Configuration Guide
1-11