Cisco Systems 4.2 Server User Manual


 
3-15
Configuration Guide for Cisco Secure ACS 4.2
OL-14390-02
Chapter 3 Configuring New Features in ACS 4.2
RSA Support on the ACS SE
b. In the Port box, type the TCP/IP port number on which the LDAP server is listening. The default is 389, as stated in the LDAP specification. If you do not know the port number, you can find this information by viewing those properties on the LDAP server. If you want to use secure authentication, port 636 is usually used.
c. To specify that ACS should use LDAP version 3 to communicate with your LDAP database, check the LDAP Version check box. If the LDAP Version check box is not checked, ACS uses LDAP version 2.
d. If you want ACS to use SSL to connect to the LDAP server, check the Use secure authentication check box and complete the next three steps. If you do not use SSL, the username and password credentials are normally passed over the network to the LDAP directory in clear text.
e. ACS SE only: If you checked the Use Secure Authentication check box, perform one of the following procedures. Check the:
- Trusted Root CA check box, and in the adjacent drop-down list, choose a Trusted Root CA.
- Certificate Database Path check box, and download a cert7.db file.
Note To download a cert7.db certificate database file to ACS now, complete the steps in “Downloading a Certificate Database (Solution Engine Only)” in Chapter 12 of the User Guide for Cisco Secure ACS, 4.2, and then continue with Step f. You can download a certificate database later. Until a certificate database is downloaded for the current LDAP server, secure authentication to this LDAP server fails.
f. ACS for Windows only: If you checked the Use Secure authentication check box, perform one of the following procedures. Click the:
- Trusted Root CA radio button, and in the adjacent drop-down list, choose a Trusted Root CA.
- Certificate Database Path radio button, and in the adjacent box, type the path to the Netscape cert7.db file, which contains the certificates for the server to be queried and the trusted CA.
g. The Admin DN box requires the fully qualified Distinguished Name (DN) of the administrator; that is, the LDAP account which, if bound to, permits searches for all required users under the User Directory subtree.
In the Admin DN box, type the following information from your LDAP server:
uid=user id,[ou=organizational unit,][ou=next organizational unit,]o=organization
where user id is the username, organizational unit is the last level of the tree, and next organizational unit is the next level up the tree.
For example:
uid=joesmith,ou=members,ou=administrators,o=cisco
Tip If you are using Netscape DS as your LDAP software, you can copy this information from the Netscape console.
h. In the Password box, type the password for the administrator account that is specified in the Admin DN box. The server determines password case sensitivity.
Step 22 Click Submit.
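The settings in steps b through h interact: secure authentication without a Trusted Root CA or a downloaded cert7.db fails, port 389 without SSL sends the bind credentials in clear text, and the Admin DN must follow the uid=...,ou=...,o=... layout shown above. The following Python is an added example, not code from the Cisco guide or from ACS itself; it checks a dictionary of the dialog's field values (the dictionary keys are an assumption made for this example) and reports those inconsistencies before you click Submit.

```python
"""Added example (not part of the Cisco Secure ACS guide): pre-Submit checks
for the External User Database LDAP settings described in steps b-h.
The cfg dictionary keys are assumed names for the dialog fields."""

DEFAULT_LDAP_PORT = 389   # default, as stated in the LDAP specification
LDAPS_PORT = 636          # usually used for secure (SSL) authentication


def parse_admin_dn(dn):
    """Split a DN such as 'uid=joesmith,ou=members,o=cisco' into
    (attribute, value) pairs, leaf component first.
    Raises ValueError for a component that is not attribute=value."""
    pairs = []
    for component in dn.split(","):
        component = component.strip()
        if "=" not in component:
            raise ValueError("malformed RDN: %r" % component)
        attr, value = component.split("=", 1)
        if not attr.strip() or not value.strip():
            raise ValueError("empty attribute or value in %r" % component)
        pairs.append((attr.strip().lower(), value.strip()))
    return pairs


def check_admin_dn(dn):
    """Return a list of problems; an empty list means the DN matches the
    uid=<user id>,[ou=...,]*o=<organization> layout the guide describes."""
    try:
        pairs = parse_admin_dn(dn)
    except ValueError as exc:
        return [str(exc)]
    attrs = [attr for attr, _ in pairs]
    problems = []
    if attrs[0] != "uid":
        problems.append("Admin DN must start with uid=<user id>")
    if attrs[-1] != "o":
        problems.append("Admin DN must end with o=<organization>")
    if any(attr != "ou" for attr in attrs[1:-1]):
        problems.append("only ou= components are expected between uid= and o=")
    return problems


def check_ldap_settings(cfg):
    """Return (severity, message) findings for the connection settings.
    Assumed cfg keys: port, ldap_version3, use_secure_auth, trusted_root_ca,
    cert_db_path, admin_dn, password."""
    findings = []
    port = cfg.get("port", DEFAULT_LDAP_PORT)
    secure = bool(cfg.get("use_secure_auth", False))

    if not secure:
        # Step d: without SSL the bind username and password cross the
        # network in clear text.
        findings.append(("risk", "Use secure authentication is off: "
                         "bind credentials are passed in clear text"))
    if secure and port == DEFAULT_LDAP_PORT:
        findings.append(("warn", "secure authentication selected but port is "
                         "389; port 636 is usually used"))
    if not secure and port == LDAPS_PORT:
        findings.append(("warn", "port 636 selected but secure authentication "
                         "is off"))
    if not cfg.get("ldap_version3", False):
        findings.append(("info", "LDAP Version unchecked: ACS uses LDAP version 2"))
    if secure and not (cfg.get("trusted_root_ca") or cfg.get("cert_db_path")):
        # Steps e/f: until a certificate database is downloaded (or a Trusted
        # Root CA chosen), secure authentication to this server fails.
        findings.append(("error", "secure authentication needs a Trusted Root CA "
                         "or a cert7.db certificate database"))
    for problem in check_admin_dn(cfg.get("admin_dn", "")):
        findings.append(("error", problem))
    if not cfg.get("password"):
        findings.append(("error", "Password for the Admin DN account is empty"))
    return findings


if __name__ == "__main__":
    # Constructed sample configuration, using the guide's example DN.
    sample = {"port": 636, "ldap_version3": True, "use_secure_auth": True,
              "trusted_root_ca": None, "cert_db_path": None,
              "admin_dn": "uid=joesmith,ou=members,ou=administrators,o=cisco",
              "password": "example-only"}
    for severity, message in check_ldap_settings(sample):
        print("%-5s %s" % (severity, message))
```

Severities are ordered by what the guide says happens: "error" findings stop authentication from working at all, "risk" flags the clear-text credential exposure of a non-SSL bind, and "warn"/"info" point out combinations that work but are unusual (port 636 without SSL, or falling back to LDAP version 2).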