
Need Help With ACS LDAP setup to Query AD

malagudu
Level 1

I have 2 Win 2003 ADs; one of them is configured and working under the Windows Database (using remote agent) configuration. I am trying to set up the second AD with the Generic LDAP setup. I want to know what exactly I should use in the fields UserObjectType and Class, and GroupObjectType and Class, for Windows 2003 AD. All Cisco documents give examples of Netscape LDAP syntax. I was told by our server admin what to put under Admin DN: CN=myid,OU=mygroup,OU=myorg,DC=mydomain,DC=com

I have both user & group directory subtree fields filled with DC=mydomain,DC=com.

I am using the ip address for Primary LDAP server, and port is 389, LDAP version 3 is checked.

Are any of these (DC, OU, etc.) case sensitive?

With all the entries that I have tried, when I go to map a group, I am getting the error "LDAP server NOT reachable. Please check the configuration". My ACS can ping the domain controller's IP address fine.

Please help. Thank you in advance,

Murali

3 Replies

Thanks. I got LDAP configured and I know ACS is working when I test the connection. However, when I connect a PC to a switch port that does 802.1x authentication, the request is not passed on to the LDAP server that is configured in the ACS appliance. Can you please confirm if indeed we can use the LDAP server configuration in ACS to authenticate 802.1x clients? I did a port capture on the ACS port and verified all the communications in and out of ACS.

Thank you in advance.

Murali

Hi Murali,

It seems that you have the solution. Unfortunately I have still not solved this issue. Please comment on my configuration below.

User directory subtree cn=users,dc=mydomain,dc=local

Group directory subtree cn=users,dc=mydomain,dc=local

Userobjecttype uid

Userobjectclass Person

Groupobjecttype cn

Groupobjectclass GoupOfUniqueNames

Group attribute name UniqueMember

Admin dn cn=myname,cn=users,dc=mydomain,dc=local

Thanks in advance

Vincent
