Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

ACS 4.2 Ldap connection string problems

Hi all,

I am having an interesting problem trying to get my acs server talking to our microsft AD Ldap structure. The way our admin has setup the structure is sketched out below. The IT Department has it's on branch under which are the IT users and the IT security Groups but the comapny users and groups are on the same level as the IT Dept branch.

dc=uk

|          dc=co

|          |          dc=company

|          |          |          ou=it dept

|          |          |          |          ou=it users

|          |          |          |          ou=it groups

|          |          |          ou=company users

|          |          |          ou=company groups

the problem i have is that when i setup a generic LDAP server on the ACS i can get it working for users of the IT Dept, but i can't get it working for the company users. It looks like the ACS is expecting to see at least 2 OU entries.

ou=it users,ou=it dept,dc=company,dc=co,dc=uk Works

ou=company users,dc=company,dc=co,dc=uk Fails

I am currently using an ACS 4.2 server build 124 running on a windows server

Any ideas would be appreciated as ldap and AD is not an area i know much about.

Adam

Everyone's tags (5)
1 REPLY

Re: ACS 4.2 Ldap connection string problems

Hi,

What did you configure for "User directory subtree" and "Gropu directory subtree" in the Common LDAP configuration?

You want both the company users and IT users to authenticate at the same time?

If you want both IT users and company users to work, you need to put a higher level OU that contains both of them.

dc=company,dc=co,dc=uk

HTH

Amjad

Rating useful replies is more useful than saying "Thank you"

Rating useful replies is more useful than saying "Thank you"
768
Views
0
Helpful
1
Replies
CreatePlease to create content