LDAP Authenticated Bind

Unanswered Question
Jul 7th, 2009

I have been looking for documentation on LDAP authenticated bind, but there is very little, and the stuff that is there doesn't go into any detail. I was able to get authenticated binds to work properly, but I wanted to ensure that it was all done correctly.

I found that the users that you are authenticating have to be in the same OU as the service account that you are using to perform the authenticated bind. For example, you have an OU called Wireless. user1, user2 and a service account called WiSA are all in this OU. You can authenticate user1 and user2, but no users out of any other OU.

Is this really all there is? There appears to be no ability to do memberOf which really limits what you can do with this.

I am running 6.0.182.0. Any thoughts??

jicr Mon, 07/13/2009 - 09:41

You can use users in another location for authenticated binding of LDAP; in that case, when writing the username you should mention the entire path instead of the username.

For example, you should specify the username as cn=user,ou=cisco,ou=wireless,dc=com.

If both your client authentication username and bind username are in the same location, then you can just specify the username; the controller will pick the path from the LDAP config.

I hope I answered your question.

kylerossd Mon, 07/13/2009 - 09:54

Thanks, I will give this a try. Would you happen to know when there will be support for group membership?

jicr Mon, 07/13/2009 - 14:01

Can you explain to me what you mean by group membership?

Let me know how the user in a different OU works for you. Let me know if it is not working or you are facing any issue.

kylerossd Mon, 07/13/2009 - 18:53

Thanks for your replies. What I mean by group membership is that I want to be able to use the memberOf attribute to allow access.

So for example we would create an AD group called Wireless, then add the users/groups that we want into this group to allow access. Much like DAP on the ASA.
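The behaviour discussed in this thread, the bare-username lookup under the configured base that only finds users in the same OU, the full-DN workaround jicr gives, and the memberOf check kylerossd is asking for, can be walked through with a small simulation. The following is an added example written for this page, not code from the original thread, from Cisco, or from the WLC; it uses a constructed in-memory directory instead of a real LDAP server, and it assumes the controller builds a bare username into `cn=<name>,<base DN>` and uses `cn` as the user attribute (the thread does not state the exact attribute).

```python
"""Simulated LDAP authenticated bind with an optional memberOf check.

Constructed example: an in-memory stand-in for a directory, not a real LDAP
client and not the controller's own code.
"""

# Constructed directory: lowercase DN -> attributes. Groups are referenced by DN.
GROUP_WIRELESS = "cn=wireless,ou=groups,dc=example,dc=com"
DIRECTORY = {
    "cn=wisa,ou=wireless,dc=example,dc=com": {"password": "svc-secret", "memberof": []},
    "cn=user1,ou=wireless,dc=example,dc=com": {"password": "pw1", "memberof": [GROUP_WIRELESS]},
    "cn=user2,ou=wireless,dc=example,dc=com": {"password": "pw2", "memberof": []},
    "cn=user3,ou=staff,dc=example,dc=com": {"password": "pw3", "memberof": [GROUP_WIRELESS]},
}


def _norm(dn):
    """Normalise a DN for comparison: lowercase, no whitespace around commas."""
    return ",".join(p.strip() for p in dn.lower().split(","))


def simple_bind(dn, password):
    """LDAP simple bind: succeeds only if the entry exists and the password matches."""
    entry = DIRECTORY.get(_norm(dn))
    return entry is not None and entry["password"] == password


def resolve_user_dn(username, base_dn):
    """Turn the username a client typed into the DN the controller will bind with.

    A value containing '=' is treated as a full DN and used as-is (the
    workaround jicr describes). A bare name becomes cn=<name>,<base_dn>, which
    is why bare names only work for users directly under the configured base.
    Assumption: the controller uses 'cn' as the user attribute.
    """
    if "=" in username:
        return _norm(username)
    return _norm(f"cn={username},{base_dn}")


def authenticated_bind(base_dn, svc_dn, svc_password, username, user_password,
                       required_group=None):
    """Run the authenticated-bind sequence and return a short result code."""
    # 1. Bind with the service account so we are allowed to look the user up.
    if not simple_bind(svc_dn, svc_password):
        return "bind-failed"
    # 2. Resolve the user to a DN and confirm the entry exists.
    user_dn = resolve_user_dn(username, base_dn)
    entry = DIRECTORY.get(user_dn)
    if entry is None:
        return "user-not-found"
    # 3. Bind again as the user to verify their password.
    if not simple_bind(user_dn, user_password):
        return "bad-password"
    # 4. Optional group check on the memberOf attribute (the feature asked for above).
    if required_group is not None and _norm(required_group) not in entry["memberof"]:
        return "not-in-group"
    return "ok"


if __name__ == "__main__":
    base = "ou=wireless,dc=example,dc=com"
    svc = "cn=WiSA,ou=wireless,dc=example,dc=com"
    # user3 lives in ou=staff: a bare name fails, the full DN succeeds.
    print(authenticated_bind(base, svc, "svc-secret", "user3", "pw3"))
    print(authenticated_bind(base, svc, "svc-secret",
                             "cn=user3,ou=staff,dc=example,dc=com", "pw3"))
    # user2 is not in the Wireless group, so a memberOf requirement rejects them.
    print(authenticated_bind(base, svc, "svc-secret", "user2", "pw2",
                             required_group="cn=Wireless,ou=groups,dc=example,dc=com"))
```

The `resolve_user_dn` step is the whole reason for the "same OU" limitation seen in the original question: a bare name is only ever looked for directly under the configured base, so a user in any other OU is simply not found, while a full DN bypasses that construction. The `required_group` parameter models the memberOf-based access decision kylerossd wants; on a real directory the same check would be a filter such as `(memberOf=<group DN>)` in the user search rather than a lookup in a dictionary.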
