Cisco ACS with Novell eDirectory (LDAP)

Mar 17th, 2007
Greetings forum,


I have been searching for documents or some help on this forum regarding Cisco ACS with Novell eDirectory. Although I'm not a Cisco guy, I only work with Novell products.

Lately I was given the assignment of integrating ACS with eDirectory. I was having loads of problems initially, but now, finally, after 2 weeks of intense testing and searching, it's working like a charm. You might not get info on this on the internet, so I thought of posting the basic configuration steps for LDAP. Basically, the attributes are the main things one has to look into. The rest of the stuff the Cisco guys did.

I used this info:

Common LDAP Configuration:

User Directory Subtree = where your users are (ou= , o= )

Group Directory Subtree = I gave only the organization here

User Object Type = cn

User Object Class = InetOrgPerson

Group Object Type = cn

Group Object Class = groupofnames

Group Attribute Name = groupmember

Hope this might help someone out there.
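
Added example (not part of the original post, and not Cisco or Novell code): Python that turns the settings listed above into the LDAP search filters they imply, escapes the login name per RFC 4515 so it cannot change the filter, and builds `ldapsearch` commands for checking the values against the directory before entering them in ACS. The filter mapping is an assumption about how a generic LDAP client uses these fields; the host, bind DN and tree names are constructed.

```python
import shlex

# Assumption: the posted settings map onto RFC 4515 search filters as below.
ACS_LDAP = {                       # values copied from the post
    "user_object_type": "cn",
    "user_object_class": "InetOrgPerson",
    "group_object_class": "groupofnames",
    "group_attribute_name": "groupmember",
}

# RFC 4515: these characters must be sent as \XX inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape a user-supplied string so it cannot alter the filter structure."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def user_filter(username, cfg=ACS_LDAP):
    """Filter that should match exactly one user object for a login name."""
    return "(&(objectClass={})({}={}))".format(
        cfg["user_object_class"], cfg["user_object_type"],
        escape_filter_value(username))


def group_filter(user_dn, cfg=ACS_LDAP):
    """Filter for group objects that list user_dn in the group attribute."""
    return "(&(objectClass={})({}={}))".format(
        cfg["group_object_class"], cfg["group_attribute_name"],
        escape_filter_value(user_dn))


def ldapsearch_argv(uri, bind_dn, base, flt, attrs):
    """argv for OpenLDAP ldapsearch: simple bind, password prompt, subtree scope."""
    return ["ldapsearch", "-x", "-H", uri, "-D", bind_dn, "-W",
            "-b", base, "-s", "sub", flt] + list(attrs)


if __name__ == "__main__":
    # Constructed sample values; replace with your own server and tree.
    uri, binder = "ldaps://edir.example.com", "cn=acsbind,o=example"
    print(shlex.join(ldapsearch_argv(
        uri, binder, "ou=users,o=example", user_filter("jdoe"), ["cn"])))
    print(shlex.join(ldapsearch_argv(
        uri, binder, "o=example",
        group_filter("cn=jdoe,ou=users,o=example"), ["cn"])))
```

If the first command returns no entry, or the second returns no group, the object class or attribute names entered in ACS do not match what the directory actually stores.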


Vivek Santuka (Cisco Employee) Sat, 03/17/2007 - 07:38

Hi Hamid,


A good one here. I would like to add that eDirectory by default does not allow PAP password.

So ACS->eDirectory communication may fail. We need to enable that.


Regards,

Vivek

hamidccna Sun, 03/18/2007 - 00:59

Hi Vivek,


Thanks for writing back, mate. We are already using FreeRADIUS with eDirectory as LDAP and it was working fine. The only reason for which we might switch to ACS is that we want a better GUI-based and highly configurable RADIUS server. For example, we wanted to control simultaneous use of a user; that alone took us ages to find out, but we never got it working. So far Cisco ACS is up to the standards, and I have a question here...

Which protocol do you think we should use for the authentication?

Have a nice day,

Hamid

Vivek Santuka (Cisco Employee) Mon, 03/19/2007 - 04:19

Hamid,


The choice of protocol depends on what you are trying to authenticate.


I can help if I have a little more info.


Regards,

Vivek

daniel.marza Tue, 07/17/2007 - 02:53

Hi,


I'm new at this forum; first I'd like to apologize, but I need a solution for an eDirectory 802.1X authentication.

Users are connecting to LAPs that connect to a Wireless LAN Controller. The WLC sends a RADIUS connection to ACS, which is trying to connect to eDirectory. I need ACS in order to provide dynamic VLAN assignment, but it seems that the best option is FreeRADIUS. If I employ ACS, what can I do to avoid the use of certificates or token servers? It seems that I can't do anything else.


Thanks,


Dani
