×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

LMS and AD

Unanswered Question
Dec 19th, 2006
User Badges:

In Ciscoworks version 2.6 I am tring to get the local user and the AD user ID to work together to allow me to give the AD user permissions. The distinguished name format(lastname\, firstname) is not allowed as a local user. Is there any way to change what ldap field it is using for the login name?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
Joe Clarke Tue, 12/19/2006 - 11:24
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

You can specify an alternate Prefix when configuring your AD settings in LMS. The default is "cn=" but you could use, for example, "uid=".

d-jenkins Wed, 12/20/2006 - 10:29
User Badges:

I can login by using CN but uid does not work.


We are using 2003 and in the help text is says(Note: Anonymous bind is disabled by default in MS AD 2003 onwards. Hence, the user must configure the complete Userroot in CiscoWorks screens.

In this case, the prefix should be excatly the same as the one in the distinguished name (DN) like uid or cn and can not be other values like samAccountName which can otherwise be used for a search.)


So does this mean that if the distinguished name uses the CN I could find that anonymously (this seems to work) If I would want to use the uid I would need to allow anonymous because it is not the distinguished name and anonymous not is allowed by default?



Joe Clarke Wed, 12/20/2006 - 10:45
User Badges:
  • Cisco Employee,
  • Hall of Fame,

    Founding Member

Yeah, this means that if my DN is, and I'll use a local example for my ldap server:


uid=jclarke, ou=rtp-nms, o=cisco.com


Then I would need to use uid, and I could NOT use anything else. That's because LMS would do a bind as me to the server for authentication. If I needed to use another prefix, I would need to enable anonymous bind.

d-jenkins Thu, 12/21/2006 - 05:31
User Badges:

Thanks for your help I now know it won't work for me and I will need to try another way.

Actions

This Discussion