Cisco Support Community
New Member

LDAP Authenticated Bind

I have been looking for documentation on LDAP authenticated bind, except there is very little and the stuff that is there doesn't go into any detail. I was able to get authenticated binds to work properly but I wanted to ensure that it was all done correctly.

I found that the users that you are authenticating have to be in the same OU as the service account that you are using to perform the authenticated bind. For example, you have an OU called Wireless. users1, user2 and a service account called WiSA are all in this OU. You can authenticate users1 and user2, but no users out of any other OU.

Is this really all there is? There appears to be no ability to do memberOf which really limits what you can do with this.

I am running Any thoughts??

New Member

Re: LDAP Authenticated Bind

You can use users in another location for authenticated binding of LDAP; in that case, when writing the username you should mention the entire path instead of just the username.

For example, you should specify the username as cn=user,ou=cisco,ou=wireless,dc=com.

If both your client authentication username and bind username are in the same location, then you can just specify the username; the controller will pick the path from the LDAP config.

I hope I answered your question.

New Member

Re: LDAP Authenticated Bind

Thanks, I will give this a try. Would you happen to know when there will be support for group membership?

New Member

Re: LDAP Authenticated Bind

Can you explain what you mean by group membership?

Let me know how the user in a different OU works for you. Let me know if it is not working or you are facing any issue.

New Member

Re: LDAP Authenticated Bind

Thanks for your replies. What I mean by group membership is that I want to be able to use the memberOf attribute to allow access.

So, for example, we would create an AD group called Wireless, then add the users/groups that we want into this group to allow access. Much like DAP on the ASA.
