ACS 4.0

I am trying to establish a link to an external database over LDAP SSL.

I put all the information in the common LDAP configuration, set the port to 636, and checked LDAPv3 and Use Secure Authentication.

I put in the path of my .db file.

But when I try to map an ACS group to an LDAP group, I get an error that the LDAP server cannot be reached.

I sniffed all packets on my ACS 4.0 server and nothing seems to pass on port 389 or 636.

If I keep port 636 on and uncheck Use Secure Authentication, I sniff my network and now I see all the packets trying to contact my LDAP server.

So what am I doing wrong? Has someone tried this and had it work fine?

Thanks

2 REPLIES

Re: ACS 4.0

LDAP uses port 389 and LDAPS uses 636. Make sure your LDAP server is listening on the correct port.

If you are using SSL, also make sure that the SSL port (TCP/443) is not blocked by any device in between.

Re: ACS 4.0

Yes, my LDAP server listens on port 636 or 443 and also 389.

If I try to put in any Trusted Root CA, when I capture my packets, I see something on port 636. But if I put a cert7.db on the local path of my ACS server, it doesn't send anything, as if it can't read my cert7.db.

I have another question: is the .db file the only extension that the server can read? Because when I export my certificate from ConsoleOne in Novell 6.5, I have only two choices, a .per file or .b64.

So what can I do to transform this file into a .db file?
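Before loading anything into ACS, it helps to confirm that the CA exported from ConsoleOne actually validates the LDAP server on TCP/636. The script below is an added example, not code from the thread or from Cisco; it assumes the .b64 export is a Base64 (PEM) certificate and the other export is binary DER, and it does not produce a cert7.db (that is a separate NSS database format).

```python
import base64
import socket
import ssl
import textwrap

PEM_BEGIN = b"-----BEGIN CERTIFICATE-----"
PEM_END = b"-----END CERTIFICATE-----"


def load_ca_cert(data: bytes) -> bytes:
    """Accept a CA certificate in either export format and return raw DER.
    A .b64 file is just Base64 text (PEM) of the same DER bytes, so both
    exports carry the same certificate; only the encoding differs."""
    if PEM_BEGIN in data:
        body = data.split(PEM_BEGIN, 1)[1].split(PEM_END, 1)[0]
        return base64.b64decode(b"".join(body.split()))
    if data[:1] == b"\x30":  # X.509 DER always starts with a SEQUENCE tag
        return data
    raise ValueError("not a PEM or DER certificate")


def der_to_pem(der: bytes) -> str:
    """Re-encode DER as PEM, for tools that only accept Base64 certificates."""
    b64 = base64.b64encode(der).decode("ascii")
    return "%s\n%s\n%s\n" % (PEM_BEGIN.decode(), "\n".join(textwrap.wrap(b64, 64)),
                             PEM_END.decode())


def check_ldaps(host: str, port: int = 636, ca_file: str = None, timeout: float = 5.0):
    """Open a TLS session to the LDAPS port and verify the server chain against
    the exported CA. Returns the server certificate subject on success. A refused
    connection means nothing listens on 636; a verification error means the CA
    you exported does not sign the LDAP server's certificate."""
    ctx = ssl.create_default_context(purpose=ssl.Purpose.SERVER_AUTH)
    if ca_file:
        with open(ca_file, "rb") as f:
            ctx.load_verify_locations(cadata=load_ca_cert(f.read()))
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert()["subject"]


if __name__ == "__main__":
    # Hypothetical host and CA file names; replace with your own values.
    print(check_ldaps("ldap.example.test", 636, "novell-ca.b64"))
```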
