windows LDAP authen on ACS 4.1

bankcommsysadmin · ‎06-27-2008

I have windows 2003 AD and trying to setup ACS authentication with Generic Ldap.

I fill these fields in ACS 4.1 as below

User directory subtree cn=users,dc=mydomain,dc=local

Group directory subtree cn=users,dc=mydomain,dc=local

Userobjecttype uid

Userobjectclass Person

Groupobjecttype cn

Groupobjectclass GoupOfUniqueNames

Group attribute name UniqueMember

Admin dn cn=myname,cn=users,dc=mydomain,dc=local

A authentication failure show up with â€œexternal user not foundâ€ when I try to log on to a device.Please help to fill with the exact syntax for the above fields. All examples on the web are base on Novell LDAP

Thanks in advance

Vincent

smahbub · ‎07-03-2008

ACS forwards the username and password to an LDAP database by using a Transmission Control Protocol (TCP) connection on a port that you specify. The LDAP database passes or fails the authentication request from ACS. When receiving the response from the LDAP database, ACS instructs the requesting AAA client to grant or deny the user access, depending on the response from the LDAP server.

Refer the following url for more information on Generic LDAP AUthentiication on ACS 4.1:

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.1/user/UsrDb.html#wp491718

bankcommsysadmin · ‎07-03-2008

My question is what is the default attribute name from windows directory server for UserObjectType and UserObjectClass

Thks

andypalfrey · ‎07-09-2008

Userobjecttype: cn

Userobjectclass: user

Regards

Andy