Cisco ASA 5505 Configuration Manual page 661

Chapter 31 Configuring AAA Servers and the Local Database
LDAP Server Fields
The following table describes the unique fields for configuring LDAP servers, for use with the
a Server to a Group" section on page
Field
Enable LDAP over SSL
check box
Server Port
Server type
Base DN
Scope
Naming Attribute(s)
OL-20339-01
31-10.
Description
When checked, SSL secures communications between the adaptive
security appliance and the LDAP server. Also called secure LDAP
(LDAP-S).
If you do not configure the SASL protocol, we strongly
Note
recommend that you secure LDAP communications with SSL.
TCP port number 389, the port which the adaptive security appliance
uses to access the LDAP server for simple (non-secure) authentication,
or TCP port 636 for secure authentication (LDAP-S).
All LDAP servers support authentication and authorization. Only
Microsoft AD and Sun LDAP servers additionally provide a VPN
remote access password management capability, which requires
LDAP-S.
A drop-down list for choosing one of the following LDAP server types:
• Detect Automatically/Use Generic Type
• Microsoft
Novell
•
OpenLDAP
•
Sun
•
The Base Distinguished Name, or location in the LDAP hierarchy where
the server should begin searching when it receives an LDAP request (for
example, OU=people, dc=cisco, dc=com).
The extent of the search the server should make in the LDAP hierarchy
when it receives an authorization request. The available options are:
One Level: Searches only one level beneath the Base DN. This
•
option is quicker.
All Levels: Searches all levels beneath the Base DN; in other words,
•
searches the entire subtree hierarchy. This option takes more time.
The Relative Distinguished Name attribute (or attributes) that uniquely
identifies an entry on the LDAP server. Common naming attributes are
Common Name (CN), sAMAccountName, userPrincipalName, and
User ID (uid).
Cisco ASA 5500 Series Configuration Guide using ASDM
Configuring AAA Server Groups
"Adding
31-15