New Member

ACS 3.0 Ldap authentication to a Lotus notes Server

I have 2 ACS 3.0 servers configured to authenticate to a Lotus Notes LDAP server. Both are configured the same. Using radtest to check with a known account, I fail from one but not the other. Using unknown user to LDAP and both LDAP configurations using same object types and descriptions.

  • Other Security Subjects
Cisco Employee

Re: ACS 3.0 Ldap authentication to a Lotus notes Server

Have you configured BOTH the ACS to back-end with BOTH the LDAP servers? If yes, then the LDAP server listed first is the one where you are getting authenticated successfully.

The reason is because, when authentication request is sent to the first LDAP server (assuming the user is in the 2nd LDAP server), the 1st LDAP server replied with a FAIL message back to ACS, and the ACS fails this attempt. ACS will not send this request to the 2nd LDAP server, because the reply back from the 1st LDAP was FAIL and not an ERROR. The 2nd LDAP server will only be contacted if the 1st LDAP server is not responding.
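The failover rule described in the reply above, modelled as an added example that is not part of the original thread and is not Cisco's code. `Directory`, `authenticate`, the server names and the sample users are hypothetical; the model only encodes the behaviour the reply states (a FAIL from the first server is final, the second server is tried only when the first does not respond).

```python
from enum import Enum


class Result(Enum):
    PASS = "pass"    # directory answered: credentials accepted
    FAIL = "fail"    # directory answered: unknown user or bad password
    ERROR = "error"  # directory did not answer at all


class Directory:
    """Hypothetical stand-in for one LDAP server (username -> password)."""

    def __init__(self, name, users, reachable=True):
        self.name = name
        self.users = users
        self.reachable = reachable

    def bind(self, user, password):
        if not self.reachable:
            return Result.ERROR
        if user in self.users and self.users[user] == password:
            return Result.PASS
        return Result.FAIL


def authenticate(directories, user, password):
    """Try directories in listed order; move on only after an ERROR."""
    for d in directories:
        outcome = d.bind(user, password)
        if outcome is not Result.ERROR:
            return outcome, d.name   # PASS or FAIL ends the search
    return Result.ERROR, None        # no directory responded


# Constructed sample data: each user exists in only one directory.
primary = Directory("ldap1", {"alice": "pw-a"})
secondary = Directory("ldap2", {"bob": "pw-b"})

if __name__ == "__main__":
    order = [primary, secondary]
    print(authenticate(order, "alice", "pw-a"))  # answered by ldap1
    print(authenticate(order, "bob", "pw-b"))    # ldap1 says FAIL, ldap2 never asked
    primary.reachable = False                    # simulate ldap1 not responding
    print(authenticate(order, "bob", "pw-b"))    # now ldap2 is consulted
```

A known-good account that fails on one ACS but not the other is consistent with the two ACS servers listing the LDAP servers in a different order, or with the user existing in only one directory.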