Cisco Systems 4.2 Server User Manual
6-16
Configuration Guide for Cisco Secure ACS 4.2
OL-14390-02
Chapter 6 Agentless Host Support Configuration Scenario
Basic Configuration Steps for Agentless Host Support
Figure 6-7 LDAP Server Configuration Sections
a. For the primary LDAP server specify:
Hostname—The name or IP address of the server that is running the LDAP software. If you are using DNS on your network, you can type the hostname instead of the IP address.
Port—The TCP/IP port number on which the LDAP server is listening. The default is 389, as stated in the LDAP specification. If you do not know the port number, you can find this information by viewing those properties on the LDAP server. If you want to use secure authentication, port 636 is the default.
LDAP Version—ACS uses LDAP version 3 or version 2 to communicate with your LDAP database. If you check this check box, ACS uses LDAP version 3. If it is unchecked, ACS uses LDAP version 2.
Security—ACS uses SSL to encrypt communication between ACS and the LDAP server. If you do not enable SSL, user credentials are passed to the LDAP server in clear text. If you select this option, then you must select Trusted Root CA or Certificate Database Path. ACS supports only server-side authentication for SSL communication with the LDAP server.
ACS SE Only:
You must ensure that the Port box contains the port number used for SSL on the LDAP server.
Trusted Root CA—LDAP over SSL includes the option to authenticate by using certificate database files other than the Netscape cert7.db file. This option uses the same mechanism as other SSL installations in the ACS environment. Select the certification authority that issued the server certificate that is installed on the LDAP server.
Certificate DB Path: For ACS for Windows, this is the path to the Netscape cert7.db file. For the ACS SE, this option provides a link to the Download Certificate Database page.
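The consistency rules spelled out in the Security, Trusted Root CA and Certificate DB Path descriptions above, as an added example that is not Cisco's code: a checker that flags an LDAP server definition which would send credentials in clear text or enable SSL without a way to verify the server certificate. The field names, the `LdapServerConfig` class and the `server_tls_context` helper are assumptions for illustration.

```python
"""Check an ACS-style LDAP server definition against the rules above (added example)."""
import ssl
from dataclasses import dataclass
from typing import List, Optional

LDAP_PORT = 389    # default plain-text port per the LDAP specification
LDAPS_PORT = 636   # default port for LDAP over SSL


@dataclass
class LdapServerConfig:                 # field names are assumptions, not ACS's own
    hostname: str
    port: int = LDAP_PORT
    use_ldap_v3: bool = True            # "LDAP Version" check box
    use_ssl: bool = False               # "Security" check box
    trusted_root_ca: Optional[str] = None       # CA that issued the server certificate
    certificate_db_path: Optional[str] = None   # Netscape cert7.db on ACS for Windows


def validate(cfg: LdapServerConfig) -> List[str]:
    """Return findings prefixed "ERROR:" or "WARN:"; an empty list means consistent."""
    findings = []
    if not cfg.hostname.strip():
        findings.append("ERROR: hostname or IP address is required")
    if not 1 <= cfg.port <= 65535:
        findings.append(f"ERROR: port {cfg.port} is out of range")
    if not cfg.use_ldap_v3:
        findings.append("WARN: LDAP version 2 selected; ACS uses version 3 when the box is checked")
    if cfg.use_ssl:
        if not (cfg.trusted_root_ca or cfg.certificate_db_path):
            findings.append("ERROR: SSL enabled but neither Trusted Root CA nor Certificate DB "
                            "Path is set; the server certificate cannot be verified")
        if cfg.port == LDAP_PORT:
            findings.append(f"WARN: SSL enabled but port is {LDAP_PORT}; the SSL port on the "
                            f"LDAP server is normally {LDAPS_PORT}")
    else:
        findings.append("WARN: SSL disabled; user credentials are passed to the LDAP server "
                        "in clear text")
        if cfg.port == LDAPS_PORT:
            findings.append(f"WARN: port {LDAPS_PORT} is the SSL port but SSL is not enabled")
    return findings


def server_tls_context(cafile: Optional[str] = None) -> ssl.SSLContext:
    """Client context that verifies only the server (no client certificate), which is
    the server-side-only SSL authentication ACS performs against the LDAP server."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)   # CERT_REQUIRED + hostname check by default
    if cafile:                                       # file holding the trusted root CA
        ctx.load_verify_locations(cafile=cafile)
    return ctx
```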