Configuring A Generic Ldap External User Database - Cisco 3.3 User Manual

Chapter 13 User Databases

Configuring a Generic LDAP External User Database

78-16592-01
Admin DN—The DN of the administrator; that is, the LDAP account
–
which, if bound to, permits searches for all required users under the User
Directory Subtree. It must contain the following information about your
LDAP server:
uid=user id,[ou=organizational unit,][ou=next organizational
unit]o=organization
where user id is the username, organizational unit is the last level of the
tree, and next organizational unit is the next level up the tree.
For example:
uid=joesmith,ou=members,ou=administrators,o=cisco
You can use anonymous credentials for the administrator username if the
LDAP server is configured to make the group name attribute visible in
searches by anonymous credentials. Otherwise, you must specify an
administrator username that permits the group name attribute to be
visible to searches.
If the administrator username specified does not have permission to
Note
see the group name attribute in searches, group mapping fails for
users authenticated by LDAP.
Password—The password for the administrator account specified in the
–
Admin DN box. Password case sensitivity is determined by the LDAP
server.
Creating a generic LDAP configuration provides Cisco Secure ACS information
that enables it to pass authentication requests to an LDAP database. This
information reflects the way you have implemented your LDAP database and does
not dictate how your LDAP database is configured or functions. For information
about your LDAP database, refer to your LDAP documentation.
Before You Begin
For information about the options on the LDAP Database Configuration page, see
LDAP Configuration Options, page 13-37.
User Guide for Cisco Secure ACS for Windows Server
Generic LDAP
13-43