Cisco 2509 - Router - EN User Manual page 440

Generic LDAP
For the Primary LDAP Server and Secondary LDAP Server tables, follow these
Step 20
steps:
Note
a.
b.
c.
d.
e.
User Guide for Cisco Secure ACS for Windows Server
11-32
If you did not select the On Timeout Use Secondary check box, you do
not need to complete the options in the Secondary LDAP Server table.
In the Hostname box, type the name or IP address of the server that is running
the LDAP software. If you are using DNS on your network, you can type the
hostname instead of the IP address.
In the Port box, type the TCP/IP port number on which the LDAP server is
listening. The default is 389, as stated in the LDAP specification. If you do
not know the port number, you can find this information by viewing those
properties on the LDAP server. If you want to use secure authentication, port
636 is usually used.
To specify that Cisco Secure ACS should use LDAP version 3 to
communicate with your LDAP database, select the LDAP Version check box.
If the LDAP Version check box is not selected, Cisco Secure ACS uses LDAP
version 2.
The username and password credentials are normally passed over the network
to the LDAP directory in clear text. To enhance security, select the Use secure
authentication check box.
In the Certificate Database Path box, type the path to the
contains the certificates for the server to be queried and the trusted CA.
The Admin DN box requires the fully qualified (DN) of the administrator;
f.
that is, the LDAP account which, if bound to, permits searches for all required
users under the User Directory Subtree.
In the Admin DN box, type the following information from your LDAP
server:
user id organizational unit
uid= ,[ou=
unit organization
]o=
where user id is the username
organizational unit is the last level of the tree
next organizational unit is the next level up the tree.
Chapter 11 Working with User Databases
cert7.db
next organizational
,][ou=
78-14696-01, Version 3.1
file, which