Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
602
Views
1
Helpful
5
Replies

Configuring CSA 5.1 w/LDAP authentication

cschear
Level 1
Level 1

‎07-05-2006 11:45 AM - edited ‎02-21-2020 10:16 AM

Has anyone configured their stand alone (non-Cisco Works 2k bundled) CSA 5.1 installations to use LDAP authentication to their Active Directory? I've been fumbling around with parameters and haven't had any success.

LDAP Configuration

------------------

Server: ldap://<serverIP>

Usersroot: dc=

Prefix: uid=

------------------

That is the unconfigured, default values in the Login Configuration option. The in-line help doesn't provide much information on getting this up and running. Do I need comma separated values for the "Prefix", such as "cn=users,dc=corp,dc=company,dc=com", etc.?

Please advise.

Labels:
0 Helpful
5 Replies 5

cschear
Level 1
Level 1
In response to drolemc

‎07-11-2006 12:26 PM

I appreciate your response, however, that information is the same as the in-line help, which I've read and found not to provide the information I'm looking for. Thanks.

0 Helpful

mgavel
Level 1
Level 1
In response to cschear

‎07-13-2006 08:00 PM

Here's a sample of the configuration line running in one of my pilot servers:

Server:

ldap://ldap.csalab.com

Usersroot:

ou=active,ou=employees,ou=people,o=csalab.com

Prefix:

uid=

0 Helpful

dodsonrs
Level 1
Level 1
In response to mgavel

‎09-12-2006 03:55 AM

Do you put anything in the uid field?

0 Helpful

RichardSW
Level 1
Level 1

‎09-12-2006 05:56 AM

If you're using Active Directory, and your domain looks like "yourdomain.local", then it should be like this:

LDAP Configuration:

-------------------

Server: ldap://10.1.2.33

Usersroot: dc=yourdomain,dc=local

Prefix: cn=Administrator

-------------------

And look at the note at the bottom - "Note: A local admin account matching the LDAP login name is mandatory for defining the administrator priveleges". I think this means if your AD admin account is "Administrator", then the mc needs an account called "Administrator" as well - but it doesn't require a local password because it will authenticate against AD.

I wish I could test this out for you, but I'm not running 5.1 yet.

0 Helpful
Customers Also Viewed These Support Documents