Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

acs 5.2 and non AD ldap

I must be stupid.

I have an external LDAP server, (like openldap, but it is an old netscape one).

I can't authenticate against it.  I can anonymous bind against it. but that is it.

I don't want groups or any attributes.  I simply want to say User X password Y, authenticate.

Any time I test anything, it seems to go out to lunch.

Does anyone have an example of this?  What I am actually doing

is to authenticate PEAP-GTC for a wireless network.  I can get the request to the correct

external user store, but from there it doesn't work.

I can probably translate an openldap example.  The ldap works fine against, say Apache

authentication, so it is not so weird.

Everyone's tags (3)
New Member

Re: acs 5.2 and non AD ldap

good luck:

I wish i could help, but i haven't got to the wireless part yet. I just got the hardwire to wrk. I used a certificate created by the ACS Certificate signing and had the cert created by our inhouse CA. I'm still trying to understand how all this works, but did you look at the monitoring logs on your failed authentication attempts? It should give you some details. Is your ACS Even able to pass authentication back to the LDAP to verify the client?

good luck:

Sent from Cisco Technical Support iPad App

Sent from Cisco Technical Support iPad App

New Member

acs 5.2 and non AD ldap

Well, I got it to work.

It was either a CAcert was wrong, or a reboot that cleared the ldap connections.  Once I tested with

a simple 389 server and authenticated, I could see what is supposed to be returned and my settings

were correct.  I redid it with ldaps, and it worked.

I was then able to get both authenticated and unauthenticated to work, and then the whole thing

to work.

New Member

acs 5.2 and non AD ldap

So either it was ldap connection hung, or the Cert was wrong.  When I hit the test button, either should

have spit up some relevant debug stuff (Connection could not be started) or like (SSL connection

could not be initiated)  but it just went out to lunch.  So I believe something was hung up in the box itself.