User Guide for Cisco Digital Media Manager 5.4.x, OL-15762-05, page 8-3
Chapter 8 Authentication and Federated Identity
Concepts
administrator DN
The DN to authenticate your Active Directory server’s administrator.
Note This release is more strict than most prior releases in its enforcement of proper LDAP syntax. Now, when you specify the administrator DN, you must use proper syntax, which conforms exactly to LDIF grammar.
• Proper syntax: CN=admin1,OU=Administrators,DC=example,DC=com
• Poor syntax: EXAMPLE\admin1
Otherwise:
When you use poor syntax here for the first time while your DMM appliance runs DMS 5.3, we show you, the administrator, this error message: “Invalid username or password.” But if you used and validated poor syntax here before upgrading to Cisco DMS 5.3, we do not repeat the validation process. Therefore, even though we do not show an error message to anyone, LDAP users simply cannot log in.
Note An LDAP expression must never include a space immediately to either side of a “=” sign. Similarly, it must never include a space immediately to either side of an “objectClass” attribute. Otherwise, validation fails.
authentication
The process to verify if a directory service entity has correctly claimed its own identity.
C
CA
certification authority. Authority that issues and manages security credentials and public keys, which
any directory service entity relies upon to encrypt and decrypt messages exchanged with any other
directory service entity. As part of a public key infrastructure (PKI), a CA checks with a registration
authority (RA) to verify information that certificate requestors provide. After the RA verifies requestor
information, the CA can then issue a certificate.
CN
common name. An attribute-value pair that names one directory service entity but indicates nothing about its context or position in a hierarchy. For example, you might see cn=administrator. But cn=administrator is so commonplace that it might recur many times in an Active Directory forest, while referring to more than just one directory service entity. An absence of context means that you cannot know which device, site, realm, user group, or other entity type requires the implied “administration” or understand why such “administration” should occur.
Therefore, use of a standalone CN is limited in the LDIF grammar. Absent any context, a standalone CN is only ever useful as an RDN.
Note An LDAP expression must never include a space immediately to either side of a “=” sign. Similarly, it must never include a space immediately to either side of an “objectClass” attribute. Otherwise, validation fails.
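The syntax rules stated for the administrator DN entry and repeated in the note under CN (RDNs of the form attribute=value separated by commas, no whitespace next to a “=” sign or an “objectClass” attribute, and a standalone CN being an RDN rather than a usable DN) can be checked before a value is saved, which avoids the silent-failure case where LDAP users cannot log in and no error is shown. The Python below is an added example written for this page, not Cisco’s code and not the DMM appliance’s own validation routine; the function names, the regular expressions, the error wording and the sample inputs are assumptions, with the guide’s own proper and poor syntax examples included among the inputs. It goes slightly beyond the page’s single example by splitting any DN into RDNs while honouring backslash-escaped commas.

```python
import re

# Added example (not Cisco's code): check a DN string against the rules the glossary states.
# Attribute type: a descriptor such as CN/OU/DC, or a dotted numeric OID.
_ATTR_RE = re.compile(r'^(?:[A-Za-z][A-Za-z0-9-]*|\d+(?:\.\d+)*)$')
# Whitespace on either side of "=" or of the objectClass attribute makes validation fail.
_BAD_SPACING_RE = re.compile(r'\s=|=\s|\sobjectClass\b|\bobjectClass\s', re.IGNORECASE)


def split_rdns(dn):
    """Split a DN on commas that are not escaped with a backslash."""
    rdns, buf, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == '\\' and i + 1 < len(dn):      # keep escape pairs such as "\," intact
            buf.append(dn[i:i + 2])
            i += 2
            continue
        if ch == ',':
            rdns.append(''.join(buf))
            buf = []
        else:
            buf.append(ch)
        i += 1
    rdns.append(''.join(buf))
    return rdns


def parse_dn(dn):
    """Return the DN as a list of (attribute, value) pairs, or raise ValueError."""
    if not dn or not dn.strip():
        raise ValueError("empty DN")
    if '=' not in dn:
        # DOMAIN\user or a bare account name: the "poor syntax" form from the guide.
        raise ValueError(f"not LDIF DN syntax (no attribute=value pairs): {dn!r}")
    if _BAD_SPACING_RE.search(dn):
        raise ValueError(f"whitespace adjacent to '=' or 'objectClass': {dn!r}")
    pairs = []
    for rdn in split_rdns(dn):
        attr, sep, value = rdn.partition('=')
        if not sep or not value or not _ATTR_RE.match(attr):
            raise ValueError(f"malformed RDN: {rdn!r}")
        pairs.append((attr, value))
    return pairs


def check_admin_dn(dn):
    """Classify an administrator DN as ('ok', pairs) or ('error', reason)."""
    try:
        pairs = parse_dn(dn)
    except ValueError as exc:
        return 'error', str(exc)
    # A lone cn=... is only an RDN: it carries no OU/DC context that locates the entry.
    if len(pairs) == 1 and pairs[0][0].lower() == 'cn':
        return 'error', "standalone CN has no context; use a full DN such as CN=...,OU=...,DC=..."
    return 'ok', pairs


if __name__ == '__main__':
    # Constructed sample inputs, including the guide's proper and poor syntax examples.
    for sample in ['CN=admin1,OU=Administrators,DC=example,DC=com',
                   'EXAMPLE\\admin1',
                   'CN = admin1,DC=example,DC=com',
                   'cn=administrator']:
        print(sample, '->', check_admin_dn(sample))
```

The check is deliberately stricter than a generic LDAP parser: it rejects the DOMAIN\user form outright rather than letting it reach the directory, because the guide notes that a previously validated poor-syntax value is not re-validated after an upgrade and the only symptom is that LDAP users cannot log in.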
CoT
circle of trust. The set of service providers (SPs) that all authenticate against one identity provider (IdP) in common.