
ACS 4.1 LDAP server NOT reachable.

kerklaanm
Level 1

Hi,

We have ACS 4.1 running. Everything seems to be (and has been) working fine. But when I want to add an LDAP group mapping I get an error message saying "LDAP Server NOT reachable. Please check the configuration". The LDAP authentications are working fine, I just can't add a group mapping. Where do I start troubleshooting this one?

Regards Marco

Accepted Solutions

Jatin Katyal
Cisco Employee

Marco,


1. Do we have a large number of groups in the LDAP or AD structure?
2. Also, does your Admin DN have the right to query the database?

ACS Authentication Process with a Generic LDAP User Database

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2/user/guide/UsrDb.html#wp354562

Configuring a Generic LDAP External User Database

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2/user/guide/UsrDb.html#wp354805


Also, please download the LDAP browser Softerra to fetch the correct information and configure it accordingly.


http://www.ldapbrowser.com/download.htm


HTH

JK


Do rate helpful posts-



~Jatin


Yes, we have approx 1200 groups in the OU. If I change the OU to one with fewer groups it works fine. I moved the group I needed to another OU and then made the group mapping. After that, I changed the settings back as they were. And it works. Is this a known issue with many groups?

Marco,


Yes, this is a known issue.


CSCsg85495    ACS LDAP connectivity vs MS Active-Directory fails due to LDAP referrals


Active-Directory may return LDAP referrals which are not supported by ACS LDAP interface. As a result connectivity fails - "LDAP server not reachable" error message is displayed.

Work-Around:
Limit the search scope to a lower sub-tree which doesn't contain a referral to avoid the problem.


Regds

JK


Do rate helpful posts-

~Jatin
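
Added example (not part of the original thread and not Cisco code): one way to pick a search base for the workaround above is to run a subtree search with a separate LDAP client, save the output, and check which candidate bases would still have a referral target beneath them. The sample output, the example.com DNs and the function names are constructed for illustration, and the check assumes the DN in each `ref:` URL names the partition being referred to.

```python
import re
from urllib.parse import unquote, urlparse

# Constructed ldapsearch output for a subtree search at DC=example,DC=com.
SAMPLE = """\
dn: CN=VPN-Users,OU=ACS,OU=Groups,DC=example,DC=com
objectClass: group

dn: CN=Net-Admins,OU=Groups,DC=example,DC=com
objectClass: group

# search reference
ref: ldap://ForestDnsZones.example.com/DC=ForestDnsZones,DC=example,DC=com

# search reference
ref: ldap://child.example.com/DC=child,DC=example,
 DC=com
"""

def rdns(dn):
    """Split a DN into lower-cased RDNs, ignoring escaped commas."""
    return [p.strip().lower() for p in re.split(r"(?<!\\),", dn) if p.strip()]

def is_under(dn, base):
    """True if dn equals base or sits below it in the directory tree."""
    d, b = rdns(dn), rdns(base)
    return len(d) >= len(b) and d[len(d) - len(b):] == b

def parse(ldif):
    """Return (entry DNs, referral target DNs) from saved search output."""
    text = re.sub(r"\r?\n ", "", ldif)  # undo LDIF line folding
    dns, refs = [], []
    for line in text.splitlines():
        if line.startswith("dn: "):
            dns.append(line[4:])
        elif line.startswith("ref: "):
            # The URL path carries the DN of the referred-to partition.
            refs.append(unquote(urlparse(line[5:]).path.lstrip("/")))
    return dns, refs

def check_bases(ldif, bases):
    """For each candidate base: entries found below it, referrals below it."""
    dns, refs = parse(ldif)
    return {base: {"groups": sum(is_under(d, base) for d in dns),
                   "referrals": [r for r in refs if is_under(r, base)]}
            for base in bases}

if __name__ == "__main__":
    for base, info in check_bases(
            SAMPLE, ["DC=example,DC=com", "OU=Groups,DC=example,DC=com"]).items():
        print(base, info)
```

A base whose `referrals` list is empty is a candidate for the narrower search scope; the `groups` count shows how many of the returned entries remain visible under it.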

Marco,

Could you please mark this thread "RESOLVED" so that others can benefit from it?

~Jatin

Sure, is choosing the correct answer enough?

Thanks, keep posting

~Jatin