Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Configuring CSA 5.1 w/LDAP authentication

Has anyone configured their stand alone (non-Cisco Works 2k bundled) CSA 5.1 installations to use LDAP authentication to their Active Directory? I've been fumbling around with parameters and haven't had any success.

LDAP Configuration

------------------

Server: ldap://<serverIP>

Usersroot: dc=

Prefix: uid=

------------------

That is the unconfigured, default values in the Login Configuration option. The in-line help doesn't provide much information on getting this up and running. Do I need comma separated values for the "Prefix", such as "cn=users,dc=corp,dc=company,dc=com", etc.?

Please advise.

5 REPLIES
Silver

Re: Configuring CSA 5.1 w/LDAP authentication

New Member

Re: Configuring CSA 5.1 w/LDAP authentication

I appreciate your response, however, that information is the same as the in-line help, which I've read and found not to provide the information I'm looking for. Thanks.

New Member

Re: Configuring CSA 5.1 w/LDAP authentication

Here's a sample of the configuration line running in one of my pilot servers:

Server:

ldap://ldap.csalab.com

Usersroot:

ou=active,ou=employees,ou=people,o=csalab.com

Prefix:

uid=

New Member

Re: Configuring CSA 5.1 w/LDAP authentication

Do you put anything in the uid field?

New Member

Re: Configuring CSA 5.1 w/LDAP authentication

If you're using Active Directory, and your domain looks like "yourdomain.local", then it should be like this:

LDAP Configuration:

-------------------

Server: ldap://10.1.2.33

Usersroot: dc=yourdomain,dc=local

Prefix: cn=Administrator

-------------------

And look at the note at the bottom - "Note: A local admin account matching the LDAP login name is mandatory for defining the administrator priveleges". I think this means if your AD admin account is "Administrator", then the mc needs an account called "Administrator" as well - but it doesn't require a local password because it will authenticate against AD.

I wish I could test this out for you, but I'm not running 5.1 yet.

125
Views
1
Helpful
5
Replies
CreatePlease to create content