AAA acs 4.1 to generic ldap

Jul 10th, 2007

Hi there

We've installed ACS 4.1 to use it for network access authentication (switches, routers) via Radius (IETF).

I set up ACS with generic LDAP to verify users from MS Active Directory.

Everything works well :-)

But how do I configure ldaps under Cisco ACS?

Thanx for help

bigbrother74 Tue, 07/10/2007 - 23:45

Hi jgambhir

I have already configured acs to use generic ldap to verify users from ms active directory successfully.

It works well with normal LDAP. But I want to use LDAPS over port 636 between ACS and the Active Directory server.

In the section of "Generic LDAP" -> "Primary LDAP Server" I set the port to 636 and I marked "Use Secure Authentication".

But this does not work. I don't know why, because I can simply connect with an LDAP client to the AD server over LDAPS on port 636, but not from ACS?

What could be the reason?

I installed the intermediate certificate in Windows 2003 Server successfully...

Any help is appreciated


Jagdeep Gambhir Wed, 07/11/2007 - 04:52

Hi BB,

Please ensure the cert is installed correctly. Did you generate the cert7.db file?

How to generate the "cert7.db" file:

1. Set up the LDAP with a certificate.

2. Install Netscape 4.x (this creates the cert7.db file, which is just a database of

3. Browse to https://servername:636 with the Netscape browser.

4. Install the certificate, selecting the option "accept this certificate forever".

5. Copy the cert7.db file to another directory (like the ACS folder).

The default location of the cert7.db file is C:\Program Files\Netscape\Users\default

6. Now just enter the path to the cert7.db file in the "Certificate DB Path" field in the configuration for your LDAP DB in ACS.

Also let me know if you are using acs windows or acs appliance as we might need to look at the detailed logs.
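The steps above come down to one thing: the ACS side must hold, in its own trust store (cert7.db on ACS 4.1), a CA certificate that validates the chain the domain controller presents. Installing an intermediate on the Windows server only changes what the server sends; it does not make the client trust it. The script below is an added example, not code from this thread or from Cisco ACS. It reproduces the client side of "Use Secure Authentication" in plain Python so you can run it from the ACS host (or any machine on the same segment) and see exactly at which stage the LDAPS connection fails: TCP, TLS chain validation, or hostname check. The hostname `dc1.example.local`, port 636 and the CA file `ca-chain.pem` are assumed placeholders.

```python
"""LDAPS reachability and certificate-trust check for a directory server.

Added example (not from the forum thread or from Cisco ACS). It opens TCP/636
to the domain controller, completes a TLS handshake and validates the server
certificate chain against a CA file that the *client* trusts, which is the
same check a directory client in secure mode has to pass.
"""
import socket
import ssl

# Constructed defaults; replace with the real DC name and a PEM file holding
# the root (and any intermediate) CA certificates the ACS host should trust.
DEFAULT_HOST = "dc1.example.local"
DEFAULT_PORT = 636
DEFAULT_CA_FILE = "ca-chain.pem"

# Substrings of OpenSSL/Python verification errors mapped to the likely cause.
TLS_HINTS = {
    "unable to get local issuer certificate":
        "ca_trust: the client has no CA/intermediate that issued the server cert",
    "self signed certificate":
        "ca_trust: server cert is self-signed and not in the client trust store",
    "certificate has expired":
        "expired: the server certificate (or an issuer) is past its validity",
    "hostname mismatch":
        "name_mismatch: connect using the name in the cert CN/SAN, not an IP",
    "doesn't match":
        "name_mismatch: connect using the name in the cert CN/SAN, not an IP",
    "wrong version number":
        "not_tls: the port answers but not with TLS (plain LDAP on 636?)",
}


def classify_tls_error(message: str) -> str:
    """Map a TLS error message to a short cause tag followed by a hint."""
    lower = message.lower()
    for needle, hint in TLS_HINTS.items():
        if needle in lower:
            return hint
    return "tls_other: " + message


def build_context(ca_file):
    """Client context that verifies both the chain and the hostname."""
    ctx = ssl.create_default_context(purpose=ssl.Purpose.SERVER_AUTH)
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    if ca_file:
        ctx.load_verify_locations(cafile=ca_file)  # trust only the given chain
    return ctx


def check_ldaps(host=DEFAULT_HOST, port=DEFAULT_PORT,
                ca_file=DEFAULT_CA_FILE, timeout=5.0):
    """Return a dict saying how far the connection got.

    stage is 'config' (CA file unusable), 'tcp' (no TCP connection),
    'tls' (connected but handshake/validation failed) or 'ok'.
    """
    try:
        ctx = build_context(ca_file)
    except (OSError, ssl.SSLError) as exc:
        return {"stage": "config", "detail": f"cannot load CA file {ca_file!r}: {exc}"}
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return {"stage": "tcp", "detail": f"{host}:{port} unreachable: {exc}"}
    try:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            cert = tls.getpeercert()
            subject = dict(rdn[0] for rdn in cert.get("subject", ()))
            issuer = dict(rdn[0] for rdn in cert.get("issuer", ()))
            return {
                "stage": "ok",
                "detail": f"verified {tls.version()} session",
                "subject": subject.get("commonName"),
                "issuer": issuer.get("commonName"),
                "not_after": cert.get("notAfter"),
            }
    except ssl.SSLError as exc:
        return {"stage": "tls", "detail": classify_tls_error(str(exc))}
    except (OSError, ValueError) as exc:
        return {"stage": "tls", "detail": f"handshake aborted: {exc}"}
    finally:
        raw.close()


if __name__ == "__main__":
    import sys
    host = sys.argv[1] if len(sys.argv) > 1 else DEFAULT_HOST
    ca = sys.argv[2] if len(sys.argv) > 2 else DEFAULT_CA_FILE
    print(check_ldaps(host, ca_file=ca))
```

Run it with the same DC name ACS is configured with, and the CA file you expect ACS to trust. A `tcp` result points at the network path or the LDAPS listener; a `tls` result tagged `ca_trust` means the client store is missing the issuing CA, which is exactly the case the cert7.db steps address; `name_mismatch` means the server name in the ACS configuration does not match the certificate. The same check from the command line is `openssl s_client -connect dc1.example.local:636 -CAfile ca-chain.pem`, reading the "Verify return code" line at the end.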



bigbrother74 Wed, 07/18/2007 - 06:33

@ jgambhir


I installed ACS on Win 2003 Server. I use "generic ldap" to connect to MS Active Directory. This works perfectly, but LDAP over SSL (LDAPS) does not. See the attachment.

I installed the intermediate certificate correctly but it does not work anyway.

There is no firewall rule that is causing any problem.

What could be the problem?

Thanx for help



