Cisco Support Community

New Member

AAA acs 4.1 to generic ldap

Hi there

We've installed ACS 4.1 to use it for network access authentication (switches, routers) via Radius (IETF).

I set up ACS with generic LDAP to verify users from MS Active Directory.

Everything works well :-)

But how do I configure ldaps under Cisco ACS?

Thanx for help


New Member

Re: AAA acs 4.1 to generic ldap

Hi jgambhir

I have already configured ACS to use generic LDAP to verify users from MS Active Directory successfully.

It works well with normal LDAP. But I want to use LDAPS over port 636 between ACS and the Active Directory server.

In the section of "Generic LDAP" -> "Primary LDAP Server" I set the port to 636 and I marked "Use Secure Authentication".

But this does not work. I don't know why, because I can simply connect with an LDAP client to the AD server over LDAPS and port 636, but not from ACS?

What could be the reason?

I installed the intermediate certificate in Windows 2003 Server successfully...

Any help is appreciated


Re: AAA acs 4.1 to generic ldap

Hi BB,

Please ensure the cert is installed correctly. Did you generate the cert7.db file?

How to generate the "cert7.db" file:

1. Set up the LDAP server with a certificate.

2. Install Netscape 4.x (this creates the cert7.db file, which is just a database of

3. Browse to https://servername:636 with the Netscape browser.

4. Install the certificate, selecting the option "accept this certificate forever".

5. Copy the cert7.db file to another directory (like the ACS folder).

The default location of the cert7.db file is C:\Program Files\Netscape\Users\default

6. Now just enter the path to the cert7.db file in the "Certificate DB Path" field in the configuration for your LDAP DB in ACS.

Also let me know if you are using ACS for Windows or the ACS appliance, as we might need to look at the detailed logs.
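A check that goes with the cert7.db advice above, added here as an example and not part of this thread or of Cisco ACS: the usual reason a standalone LDAP client succeeds over port 636 while ACS fails is that the client's trust store holds the whole chain and the ACS certificate DB holds only the root (or only the server cert). The script below builds a constructed root -> intermediate -> server chain with openssl and shows that validation fails when the intermediate is missing from the trust material, succeeds once it is supplied, and also checks that the host name ACS is configured with matches the certificate. All names (Example Root CA, dc1.example.test) are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): reproduce the "LDAP client connects,
# ACS does not" symptom with openssl. A trust store that holds only the root
# CA cannot validate a server certificate issued by an intermediate CA unless
# the intermediate is also available (in the DB, or sent by the server).
# All names (Example Root CA, dc1.example.test) are constructed.
set -eu

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

build_chain() {
  # Extensions for the two CA certificates and for the server (LDAPS) cert.
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=keyCertSign,cRLSign\n' > "$WORK/ca.ext"
  printf 'basicConstraints=CA:FALSE\nextendedKeyUsage=serverAuth\nsubjectAltName=DNS:dc1.example.test\n' > "$WORK/server.ext"

  # Root CA: self-signed.
  openssl req -new -newkey rsa:2048 -nodes -keyout "$WORK/root.key" \
    -out "$WORK/root.csr" -subj "/CN=Example Root CA" 2>/dev/null
  openssl x509 -req -in "$WORK/root.csr" -signkey "$WORK/root.key" \
    -out "$WORK/root.pem" -days 2 -extfile "$WORK/ca.ext" 2>/dev/null

  # Intermediate CA: signed by the root.
  openssl req -new -newkey rsa:2048 -nodes -keyout "$WORK/inter.key" \
    -out "$WORK/inter.csr" -subj "/CN=Example Intermediate CA" 2>/dev/null
  openssl x509 -req -in "$WORK/inter.csr" -CA "$WORK/root.pem" -CAkey "$WORK/root.key" \
    -CAcreateserial -out "$WORK/inter.pem" -days 2 -extfile "$WORK/ca.ext" 2>/dev/null

  # Server certificate for the (constructed) domain controller: signed by the intermediate.
  openssl req -new -newkey rsa:2048 -nodes -keyout "$WORK/server.key" \
    -out "$WORK/server.csr" -subj "/CN=dc1.example.test" 2>/dev/null
  openssl x509 -req -in "$WORK/server.csr" -CA "$WORK/inter.pem" -CAkey "$WORK/inter.key" \
    -CAcreateserial -out "$WORK/server.pem" -days 2 -extfile "$WORK/server.ext" 2>/dev/null
}

# Trust material = root only (a certificate DB that never saw the intermediate).
verify_root_only() {
  openssl verify -CAfile "$WORK/root.pem" "$WORK/server.pem" >/dev/null 2>&1
}

# Trust material = root, with the intermediate available to build the chain.
verify_with_intermediate() {
  openssl verify -CAfile "$WORK/root.pem" -untrusted "$WORK/inter.pem" \
    "$WORK/server.pem" >/dev/null 2>&1
}

# Same chain, plus a check that the configured server name matches the cert.
verify_hostname() {
  openssl verify -CAfile "$WORK/root.pem" -untrusted "$WORK/inter.pem" \
    -verify_hostname "$1" "$WORK/server.pem" >/dev/null 2>&1
}

build_chain
if verify_root_only; then
  echo "root only: chain verified (unexpected)"
else
  echo "root only: verification FAILED - intermediate missing from trust material"
fi
if verify_with_intermediate; then
  echo "root + intermediate: chain verified"
fi
if verify_hostname dc1.example.test; then
  echo "hostname dc1.example.test: matches the certificate"
fi
if ! verify_hostname ldap.example.test; then
  echo "hostname ldap.example.test: does NOT match the certificate"
fi
```

The same two conditions apply to the real setup: the certificate DB that ACS reads must be able to build the chain up to a trusted root (either the intermediate is in the DB or the server presents it), and the host name entered for the primary LDAP server must match a name in the certificate, otherwise the secure bind fails even though a more permissive client connects.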



New Member

Re: AAA acs 4.1 to generic ldap

@jgambhir


I installed ACS on Windows 2003 Server. I use "generic LDAP" to connect to MS Active Directory. This works perfectly, but LDAP over SSL (LDAPS) does not. See the attachment.

I installed the intermediate certificate correctly, but it does not work anyway.

There is no firewall rule that is causing any problem.

What could be the problem?

Thanx for help

