Cisco Support Community
Community Member

ACS 4.1 LDAP server NOT reachable.

Hi,

We have ACS 4.1 running. Everything seems to be (and has been) working fine. But when I want to add an LDAP group mapping I get an error message saying "LDAP Server NOT reachable. Please check the configuration". The LDAP authentications are working fine, I just can't add a group mapping. Where do I start troubleshooting this one?

Regards Marco

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: ACS 4.1 LDAP server NOT reachable.

Marco,


1. Do we have a large number of groups in the LDAP or AD structure?
2. Also, does your Admin DN have the right to query the database?

ACS Authentication Process with a Generic LDAP User Database

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2/user/guide/UsrDb.html#wp354562

Configuring a Generic LDAP External User Database

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2/user/guide/UsrDb.html#wp354805


Also, please download the Softerra LDAP browser to fetch the correct information and configure it accordingly.


http://www.ldapbrowser.com/download.htm


HTH

JK


Do rate helpful posts-



~Jatin Katyal
6 REPLIES
Community Member

Re: ACS 4.1 LDAP server NOT reachable.

Yes, we have approx 1200 groups in the OU. If I change the OU to one with fewer groups it works fine. I moved the group I needed to another OU and then made the group mapping. After that, changed the settings back as they were. And it works. Is this a known issue with many groups?

Cisco Employee

Re: ACS 4.1 LDAP server NOT reachable.

Marco,


Yes, this is a known issue.


CSCsg85495    ACS LDAP connectivity vs MS Active-Directory fails due to LDAP referrals


Active-Directory may return LDAP referrals which are not supported by ACS LDAP interface. As a result connectivity fails - "LDAP server not reachable" error message is displayed.

Work-Around:
Limit search scope to a lower sub-tree which doesn't contain referral to avoid the problem.


Regds

JK


Do rate helpful posts-

~Jatin Katyal
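
Added example, not part of the original thread or of Cisco's tooling: one way to check whether a candidate search base returns the LDAP referrals described in the reply above, by parsing LDIF output captured with OpenLDAP's `ldapsearch`. The `example.test` names and both sample outputs are constructed, and `unfold` and `summarize` are hypothetical helper names.

```python
# Assumption: the LDIF was captured with OpenLDAP's ldapsearch, for example
#   ldapsearch -x -H ldap://<server> -D <admin DN> -W -b <search base> \
#       -s sub "(objectClass=group)" dn
# By default ldapsearch prints referrals as "ref:" lines instead of chasing them.
import re

def unfold(ldif: str) -> list[str]:
    """Join LDIF continuation lines (a line that starts with one space)."""
    lines = []
    for raw in ldif.splitlines():
        if raw.startswith(" ") and lines:
            lines[-1] += raw[1:]
        else:
            lines.append(raw)
    return lines

def summarize(ldif: str) -> dict:
    """Count returned entries and collect referral URLs for one search base."""
    entries, referrals = 0, []
    for line in unfold(ldif):
        if re.match(r"dn::? ", line):        # plain or base64-encoded DN
            entries += 1
        elif line.startswith("ref: "):       # search result reference
            referrals.append(line[5:].strip())
    return {"entries": entries, "referrals": referrals,
            "referral_free": not referrals}

# Constructed sample: search rooted at the domain, where AD adds referrals.
DOMAIN_ROOT = """\
# Network Admins, Groups, example.test
dn: CN=Network Admins,OU=Groups,DC=example,DC=test

dn: CN=VPN Users,OU=Groups,DC=example,DC=test

# search reference
ref: ldap://ForestDnsZones.example.test/DC=ForestDnsZones,DC=example,DC=te
 st

# search reference
ref: ldap://example.test/CN=Configuration,DC=example,DC=test
"""

# Constructed sample: the same query with the base narrowed to one OU.
GROUPS_OU = """\
dn: CN=Network Admins,OU=Groups,DC=example,DC=test

dn:: Q049VlBOIFVzZXJzLE9VPUdyb3VwcyxEQz1leGFtcGxlLERDPXRlc3Q=
"""

if __name__ == "__main__":
    for name, out in (("domain root", DOMAIN_ROOT), ("groups OU", GROUPS_OU)):
        print(name, summarize(out))
```

A base whose result has `referral_free` set to `False` is one to narrow, as in the workaround; the entry count shows how many groups the mapping page would have to load from that base.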
Cisco Employee

Re: ACS 4.1 LDAP server NOT reachable.

Marco,

Could you please mark this thread "RESOLVED" so that others can benefit from it?

~Jatin Katyal
Community Member

Re: ACS 4.1 LDAP server NOT reachable.

Sure, is choosing the correct answer enough?

Cisco Employee

Re: ACS 4.1 LDAP server NOT reachable.

Thanks, keep posting

~Jatin Katyal