Need Help With ACS LDAP setup to Query AD

Dec 14th, 2007
I have 2 Win 2003 ADs; one of them is configured and working under the Windows Database (using remote agent) configuration. I am trying to set up the second AD with the Generic LDAP setup. I want to know what exactly I should use in the fields UserObjectType and Class, and GroupObjectType and Class for Windows 2003 AD. All Cisco documents give examples of Netscape LDAP syntax. I was told by our server admin what to put under Admin DN: CN=myid,OU=mygroup,OU=myorg,DC=mydomain,DC=com


I have both user & group directory subtree fields filled with DC=mydomain,DC=com.

I am using the IP address for the Primary LDAP server, and the port is 389; LDAP version 3 is checked.

Are any of these DC, OU, etc. case sensitive?


With all the entries that I have tried, when I go to map a group, I am getting the error "LDAP server NOT reachable. Please check the configuration". My ACS can ping the domain controller's IP address fine.


Please help. Thank you in advance,


Murali

malagudu Tue, 12/18/2007 - 12:04
Thanks. I got LDAP configured and I know ACS is working when I test the connection. However, when I connect a PC to a switch port that does 802.1x authentication, the request is not passed on to the LDAP server that is configured in the ACS appliance. Can you please confirm if indeed we can use the LDAP server configuration in ACS to authenticate 802.1x clients? I did a port capture on the ACS port and verified all the communications in and out of ACS.


Thank you in advance.


Murali

bankcommsysadmin Sat, 06/28/2008 - 06:38
Hi Murali,


It seems that you have the solution. Unfortunately I have still not solved this issue. Please comment on my configuration below.

User directory subtree cn=users,dc=mydomain,dc=local

Group directory subtree cn=users,dc=mydomain,dc=local

Userobjecttype uid

Userobjectclass Person

Groupobjecttype cn

Groupobjectclass GoupOfUniqueNames

Group attribute name UniqueMember

Admin dn cn=myname,cn=users,dc=mydomain,dc=local


Thanks in advance


Vincent
