Cisco Systems 3.3 Server User Manual


 
Chapter 13 User Databases
Generic LDAP
13-42
User Guide for Cisco Secure ACS for Windows Server
78-16592-01
Port—The TCP/IP port number on which the LDAP server is listening.
The default is 389, as stated in the LDAP specification. If you do not
know the port number, you can find it by viewing the properties on the
LDAP server. If you want to use secure authentication, port 636 is
usually used.
LDAP Version—Whether Cisco Secure ACS uses LDAP version 3 or
version 2 to communicate with your LDAP database. If this check box is
selected, Cisco Secure ACS uses LDAP version 3. If it is not selected,
Cisco Secure ACS uses LDAP version 2.
Security—Whether Cisco Secure ACS uses SSL to provide more secure
communication with the LDAP server. If you do not enable SSL, user
credentials are passed to the LDAP server in clear text.
Certificate Database Path—The path to the cert7.db file. This file
must contain the certificates for the server to be queried and the trusted
CA. You can use a Netscape web browser to generate cert7.db files. For
information about generating a cert7.db file, refer to Netscape
documentation.
To perform secure authentication using SSL, you must provide a
cert7.db certificate database file. Cisco Secure ACS requires a
certificate database so that it can establish the SSL connection. The
certificate database must be local to the Cisco Secure ACS Windows
server.
Cisco Secure ACS requires a cert7.db certificate database file for each
LDAP server you configure. For example, to support users distributed in
multiple LDAP trees, you could configure two LDAP instances in
Cisco Secure ACS that would communicate with the same LDAP servers.
Each LDAP instance would have a primary and a secondary LDAP
server. Even though the two LDAP configurations share the same
primary server, each LDAP configuration requires that you download a
certificate database file to Cisco Secure ACS.
Note: The database must be a cert7.db certificate database file. No other
filename is supported.