Cisco 2509 - Router - EN User Manual page 435

Chapter 11 Working with User Databases
78-14696-01, Version 3.1
Certificate Database Path—The path to the
–
must contain the certificates for the server to be queried and the trusted
CA. You can use a Netscape web browser to generate
information about generating a
documentation.
To perform secure authentication using SSL, you must provide a
certificate database file. Cisco Secure ACS requires a
cert7.db
certificate database so that it can establish the SSL connection. The
certificate database must be local to the Cisco Secure ACS Windows
server.
Cisco Secure ACS requires a
LDAP server you configure. For example, to support users distributed in
multiple LDAP trees, you could configure two LDAP instances in
Cisco Secure ACS that would communicate with the same LDAP
servers. Each LDAP instance would have a primary and secondary LDAP
server. Even though the two LDAP configurations share the same
primary server, each LDAP configuration requires that you download a
certificate database file to Cisco Secure ACS.
Note The database must be a
other filename is supported.
Admin DN—The DN of the administrator; that is, the LDAP account
–
which, if bound to, permits searches for all required users under the User
Directory Subtree. It must contain the following information about your
LDAP server:
uid=user id,[ou=organizational unit,][ou=next organizational
unit]o=organization
where user id is the username, organizational unit is the last level of the
tree, and next organizational unit is the next level up the tree.
For example:
uid=joesmith,ou=members,ou=administrators,o=cisco
Password—The password for the administrator account specified in the
–
Admin DN box. Password case sensitivity is determined by the LDAP
server.
User Guide for Cisco Secure ACS for Windows Server
cert7.db
file, refer to Netscape
cert7.db
certificate database file for each
cert7.db
certificate database file. No
cert7.db
Generic LDAP
file. This file
files. For
cert7.db
11-27