I am having a problem with LDAP authentication to a Novell NDS server. This is on an ASA 7.1(2) 5510 talking to Netware 6.5 with all current patches installed. All of the context stuff, as well as the SSL stuff, is working just fine. We can clearly see a failed authentication attempt when we type in an incorrect password, so I'm sure the base DNs, search and bind credentials settings are all just fine.
The problem is that when we type in a *correct* password, it still fails from the ASA's perspective, though Novell seems to think everything is fine. The DSTRACE screen shows:
Sending operation result 0:"":"" to connection 0x121dd540
With LDAP debugging on the ASA, we see:
 Performing Simple authentication for user to XX.XX.XX.XX
 Authentication successful for user to XX.XX.XX.XX
 Retrieving user attributes from server XX.XX.XX.XX
When running the "test" button on ASDM, we get back the cryptic message:
Authentication test to host XX.XX.XX.XX failed. The following error occured
ERROR: Authentication Error: No error.
Despite the above, it truly is broken. Anyone have a clue what might be going wrong? Or does anyone have a successful LDAP from ASA->NDS working? Do I perhaps need some attribute mappings or some other configuration option?
My open TAC case engineer wants a packet trace, but this is an SSL connection, and setting up a non-SSL LDAP server may be problematic.
Re: LDAP Authentication to Novell NDS LDAP server?
I am not very familiar with NDS, but from my understanding of AAA authentication, there are two things you need to check on the authentication server. One is if the client is configured correctly (with the IP address) and the second is the shared secret key.