Cisco Servers User Manual page 413

For Windows 2000/NT Servers

Chapter 11
Working with User Databases
Generic LDAP

Cisco Secure ACS 3.0 for Windows 2000/NT Servers User Guide
78-13751-01, Version 3.0
11-23

Note
To specify that Cisco Secure ACS should always use the primary LDAP server first, type 0 (zero) in the Failback Retry Delay box.

Step 20
For the Primary LDAP Server and Secondary LDAP Server tables, follow these steps:

Note
If you did not select the On Timeout Use Secondary check box, you do not need to complete the options in the Secondary LDAP Server table.

a. In the Hostname box, type the name or IP address of the machine that is running the LDAP software. If you are using DNS on your network, you can type the hostname instead of the IP address.

b. In the Port box, type the TCP/IP port number on which the LDAP server is listening. The default is 389, as stated in the LDAP specification. If you do not know the port number, you can find this information by viewing those properties on the LDAP server. If you want to use secure authentication, port number 636 is usually used.

c. To specify that Cisco Secure ACS should use LDAP version 3 to communicate with your LDAP database, select the LDAP Version check box. If the LDAP Version check box is not selected, Cisco Secure ACS uses LDAP version 2.

d. The username and password credentials are normally passed over the network to the LDAP directory in clear text. To enhance security, select the Use secure authentication check box.

e. In the Certificate Database Path box, type the path to the cert7.db file, which contains the certificates for the server to be queried and the trusted CA.

f. The Admin DN box requires the fully qualified distinguished name (DN) of the administrator; that is, the LDAP account which, if bound to, permits searches for all required users under the User Directory Subtree.
