Configuring LDAP

First Published: March 19, 2010
Last Updated: March 19, 2010

Lightweight Directory Access Protocol (LDAP) is integrated into Cisco IOS software as an AAA protocol alongside the existing AAA protocols RADIUS, TACACS+, Kerberos, and Diameter. The AAA framework provides tools and mechanisms such as method lists, server groups, and generic attribute lists that give AAA clients an abstract, uniform interface regardless of the protocol actually used to communicate with the AAA server. LDAP supports the authentication and authorization functions of AAA.

Finding Feature Information

Your software release may not support all the features documented in this module. For the latest feature information and caveats, see the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the Feature Information for Configuring LDAP section. Use Cisco Feature Navigator to find information about platform support and Cisco IOS and Catalyst OS software image support. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.

Contents

Prerequisites for Configuring LDAP
Restrictions for Configuring LDAP
Information About LDAP
How to Configure LDAP
Configuration Examples for LDAP
Additional References
Feature Information for Configuring LDAP

Americas Headquarters: Cisco Systems, Inc., 170 West Tasman Drive, San Jose, CA 95134-1706 USA

Prerequisites for Configuring LDAP

If you connect to the LDAP server over Transport Layer Security (TLS), you must first configure X.509 certificates on the router: the router validates the server's certificate against a Certificate Authority (CA) certificate it trusts, so that CA certificate has to be installed before a secure-mode connection can succeed.

Restrictions for Configuring LDAP

The LDAP client implementation has the following restrictions:

Only the bind, search, and compare operations are supported.
LDAP referrals are not supported. A request that the server answers only with a referral therefore fails, so point the router at a server that itself holds the user entries.
Unsolicited messages or notifications from the LDAP server are not handled.

Information About LDAP

To configure LDAP, you should understand the following concepts:

Transport Layer Security
LDAP Operations
LDAP Dynamic Attribute Mapping

Transport Layer Security

TLS is a protocol layered between LDAP and TCP that provides privacy (confidentiality), authentication, and data integrity for the session. It relies on certificates, public keys, and private keys for the parties to prove their identity. Certificates are issued by Certificate Authorities (CAs). Each certificate includes the name of the authority that issued it, the name of the entity to which the certificate was issued, the entity's public key, and time stamps that indicate the certificate's validity period. TLS support for LDAP is defined in RFC 2830 as an extension to the LDAP protocol: the StartTLS extended operation, which upgrades an established LDAP connection to TLS.

LDAP Operations

The following operations are supported in LDAP:

Bind
Search
Compare

Bind

The bind operation authenticates the client to the server and starts the LDAP session. LDAP is a connection-oriented protocol carried over TCP. In the bind request the client specifies the protocol version and its authentication information. LDAP supports the following binds:

Authenticated bind

Anonymous bind

An authenticated bind is performed when a root distinguished name (DN) and password are configured. In the absence of a root DN and password, an anonymous bind is performed. Whatever the directory allows that identity to read is what the router will be able to search, so the root DN should be a dedicated, least-privilege account that can read user entries and nothing more; its password is stored in the router configuration.

In LDAP deployments, the search operation is usually performed first and the bind operation later. If the password attribute is returned as part of the search result, the password can be verified locally on the LDAP client and no extra bind operation is needed; if it is not returned, the bind is performed afterwards. A directory only returns the password attribute to a searcher it permits to read it, and many directories (Active Directory among them) never expose the stored password over LDAP, so in practice the search locates the entry and a bind with the user's own credentials does the verification. Another advantage of searching first is that the DN received in the search result can be used as the user DN, instead of forming a DN by prefixing the username (cn attribute) to the base DN; that constructed DN is only correct when the user entry sits directly under the base DN.

All entries stored in an LDAP server have a unique distinguished name (DN). The DN consists of two parts: the Relative Distinguished Name (RDN) and the location within the directory tree where the entry resides. Most entries stored in an LDAP server have a name, and the name is frequently stored in the cn (Common Name) attribute. Because every object has a name, most objects stored in LDAP use their cn value as the basis for their RDN.

Search

A search operation queries the LDAP server. The client specifies the starting point (base DN) of the search, the search scope (the base object only, its immediate children, or the whole subtree rooted at the base object), and a search filter. For authorization requests the router goes straight to a search without a further bind; the search runs with the privileges of the identity established by the existing bind (root DN or anonymous), so the server must allow that identity to read the attributes the router needs. A search can return multiple entries for a given username. In such cases the LDAP client cannot tell which entry is the user and returns an error code to AAA, so configure a search filter that matches exactly one entry. Because the username is placed into the filter, the special filter characters it may contain (parentheses, asterisk, backslash, NUL) must be escaped as described in RFC 4515; otherwise an asterisk typed as the username would match every entry.

Compare

The compare operation replaces the bind request with a compare request for authentication: the client asks the server whether the named entry holds a given value (the supplied password) for an attribute, and the server answers true or false. Because the client never rebinds, the connection keeps the bind parameters established initially (the root DN bind). This requires a directory that permits the bound identity to compare against the password attribute.

LDAP Dynamic Attribute Mapping

LDAP is a powerful and flexible protocol for communication with AAA servers. LDAP attribute maps provide a method to cross-reference the attributes retrieved from a server to the Cisco attributes supported by the router. When a user authenticates to the router, the router in turn binds to the LDAP server and uses the LDAP protocol to retrieve the record for that user. The record consists of LDAP attributes associated with fields displayed on the user interface of the server. Each attribute retrieved includes a value that was entered by the administrator who maintains the user records.

How to Configure LDAP

This section contains the following procedures:

Configuring Router-to-LDAP Server Communication (required)

Configuring LDAP Protocol Parameters (optional)
Configuring a AAA Server Group (optional)
Configuring Search and Bind Operations for an Authentication Request (optional)
Configuring a Dynamic Attribute Map on an LDAP Server (optional)

Configuring Router-to-LDAP Server Communication

Perform this task to configure router-to-LDAP server communication. The LDAP host is normally a multiuser system running LDAP server software such as Microsoft Active Directory or OpenLDAP. Router-to-LDAP server communication has several components:

Hostname or IP address
Port number
Timeout period
Base DN

SUMMARY STEPS

1. enable
2. configure terminal
3. ldap server name
4. ipv4 ipv4-address
5. transport port port-number
6. timeout retransmit seconds
7. exit

DETAILED STEPS

Step 1  enable
        Enables privileged EXEC mode. Enter your password if prompted.
        Router> enable

Step 2  configure terminal
        Enters global configuration mode.
        Router# configure terminal

Step 3  ldap server name
        Configures the router to use the LDAP protocol and enters LDAP server configuration mode.
        Router(config)# ldap server server1

Step 4  ipv4 ipv4-address
        Specifies the LDAP server IP address using IPv4.
        Router(config-ldap-server)# ipv4 10.0.0.1

Step 5  transport port port-number
        Specifies the TCP port on which the router connects to the LDAP server. The standard LDAP port is 389, and servers that accept TLS directly (rather than through StartTLS) conventionally listen on 636; port 200 in the example is illustrative only.
        Router(config-ldap-server)# transport port 200

Step 6  timeout retransmit seconds
        Specifies the number of seconds the router waits for a reply to an LDAP request before retransmitting the request.
        Router(config-ldap-server)# timeout retransmit 20

Step 7  exit
        Exits LDAP server configuration mode.
        Router(config-ldap-server)# exit

Configuring LDAP Protocol Parameters

Perform this task to configure the LDAP protocol parameters.

SUMMARY STEPS

1. enable
2. configure terminal
3. ldap server name
4. bind authenticate root-dn string password [0 string | 7 string] string
5. search-filter user-object-type string
6. base-dn string
7. mode secure [no-negotiation]
8. secure cipher 3des-ede-cbc-sha
9. exit

DETAILED STEPS

Step 1  enable
        Enables privileged EXEC mode. Enter your password if prompted.
        Router> enable

Step 2  configure terminal
        Enters global configuration mode.
        Router# configure terminal

Step 3  ldap server name
        Configures the router to use the LDAP protocol and enters LDAP server configuration mode.
        Router(config)# ldap server server1

Step 4  bind authenticate root-dn string password [0 string | 7 string] string
        Specifies the DN and password the router uses for its authenticated (root) bind to the LDAP server. Use the 0 option to enter the password in clear text and the 7 option to enter a password already in Cisco type 7 form. Type 7 is a reversible obfuscation, not encryption, so anyone who can read the configuration can recover the bind password; give the bind account no more privilege than the read access the router needs.
        Router(config-ldap-server)# bind authenticate root-dn cn=administrator,cn=users,dc=nac-blr2,dc=example,dc=com password example123

Step 5  search-filter user-object-type string
        Specifies the user object type used to build the search filter sent in search requests.
        Router(config-ldap-server)# search-filter user-object-type name

Step 6  base-dn string
        Specifies the base DN from which searches start.
        Router(config-ldap-server)# base-dn dc=sns,dc=example,dc=com

Step 7  mode secure [no-negotiation]
        Configures the router to establish a TLS connection to the LDAP server (secure mode). With no-negotiation, the TLS handshake begins as soon as the TCP connection is open, which is what a server listening on a dedicated LDAP-over-TLS port expects; without it, the router first sends the StartTLS extended operation of RFC 2830 over the plain LDAP port. In both cases the server's certificate is checked, which is why the X.509 prerequisite applies.
        Router(config-ldap-server)# mode secure no-negotiation

Step 8  secure cipher 3des-ede-cbc-sha
        Specifies the cipher suite used for the secure connection. 3DES-EDE-CBC-SHA is the suite shown here; it is a legacy suite, so prefer a stronger one if your release offers it.
        Router(config-ldap-server)# secure cipher 3des-ede-cbc-sha

Step 9  exit
        Exits LDAP server configuration mode.
        Router(config-ldap-server)# exit
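The search-first, bind-first and compare sequences described under LDAP Operations, driven by the root DN, base DN and search filter configured in the procedure above, modelled end to end in Python against a small in-memory directory. This is an added example, not code from this page or from Cisco IOS: the directory contents, the server's rule that only the root DN may read userPassword, the result strings, and the filter shape (&(objectclass=person)(cn=<user>)) assumed for the search-filter setting are all constructed here. It also shows why the username must be escaped per RFC 4515 before it is placed in the filter: unescaped, an asterisk typed as the username matches every entry and becomes the multiple-entry error that the LDAP Operations section says the client reports to AAA.

```python
"""Model of an LDAP AAA client's search-first, bind-first and compare sequences.
Added illustration, not Cisco IOS code.  Constructed for it: the in-memory
directory, the server rule that userPassword is returned only to a client bound
as ROOT_DN, and the assumed filter shape (&(objectclass=person)(cn=USER))."""
import re
from collections import namedtuple

BASE_DN = "dc=sns,dc=example,dc=com"
ROOT_DN = "cn=administrator,cn=users," + BASE_DN
ROOT_PASSWORD = "example123"
ATTRIBUTE_MAP = {"department": "element-req-qos"}   # LDAP attribute -> AAA attribute
CFG_ROOT = {"base_dn": BASE_DN, "root_dn": ROOT_DN, "root_password": ROOT_PASSWORD}
CFG_ANON = {"base_dn": BASE_DN, "root_dn": None, "root_password": None}
AuthResult = namedtuple("AuthResult", "success reason user_dn aaa_attrs", defaults=(None, None))

def _entry(cn, pw, **extra):
    return {"objectclass": ["person"], "cn": [cn], "userpassword": [pw],
            **{k: [v] for k, v in extra.items()}}

DIRECTORY = {   # constructed directory; attribute names are stored lowercase
    ROOT_DN: _entry("administrator", ROOT_PASSWORD),
    "cn=bob,cn=users," + BASE_DN: _entry("bob", "bob-pass", department="Engineering"),
    "cn=carol," + BASE_DN: _entry("carol", "carol-pass"),
    "cn=alice,cn=users," + BASE_DN: _entry("alice", "a1"),        # two entries share cn=alice,
    "cn=alice,ou=contractors," + BASE_DN: _entry("alice", "a2"),  # so a search on cn is ambiguous
}

def escape_filter_value(value):
    """RFC 4515 escaping for a value placed inside a search filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\0" else c for c in value)

def escape_dn_value(value):
    """RFC 4514 escaping of the special characters in a DN attribute value."""
    return "".join("\\" + c if c in '\\,+"<>;' else c for c in value)

def _filter_matches(filt, attrs):
    """AND of equality assertions; an unescaped * is a wildcard, \\xx a literal."""
    for attr, raw in re.findall(r"\(([^=()]+)=([^()]*)\)", filt):
        pattern, i = "", 0
        while i < len(raw):
            if raw[i] == "\\" and i + 2 < len(raw):
                pattern, i = pattern + re.escape(chr(int(raw[i + 1:i + 3], 16))), i + 3
            else:
                pattern, i = pattern + (".*" if raw[i] == "*" else re.escape(raw[i])), i + 1
        if not any(re.match("^%s$" % pattern, v, re.IGNORECASE) for v in attrs.get(attr.lower(), [])):
            return False
    return True

class LdapServer:
    """In-memory stand-in for the directory server."""
    def __init__(self, directory):
        self.directory, self.bound_as = directory, None   # bound_as None: anonymous
    def bind(self, dn, password):
        ok = dn is None or password in self.directory.get(dn, {}).get("userpassword", [])
        self.bound_as = dn if ok else None
        return ok
    def search(self, base_dn, filt):          # subtree search under base_dn
        base, results = base_dn.lower(), []
        for dn, attrs in self.directory.items():
            if (dn.lower() == base or dn.lower().endswith("," + base)) and _filter_matches(filt, attrs):
                visible = dict(attrs)
                if self.bound_as != ROOT_DN:  # access rule: only ROOT_DN may read passwords
                    visible.pop("userpassword", None)
                results.append((dn, visible))
        return results
    def compare(self, dn, attr, value):
        return value in self.directory.get(dn, {}).get(attr.lower(), [])

def apply_attribute_map(attrs, attr_map=ATTRIBUTE_MAP):
    return {aaa: attrs[ldap] for ldap, aaa in attr_map.items() if ldap in attrs}

def _locate_user(server, cfg, username, escape=True):
    """Root (or anonymous) bind, then search; exactly one entry must match."""
    if not server.bind(cfg["root_dn"], cfg["root_password"]):
        return AuthResult(False, "root bind failed")
    value = escape_filter_value(username) if escape else username
    entries = server.search(cfg["base_dn"], "(&(objectclass=person)(cn=%s))" % value)
    if len(entries) != 1:                     # zero or several: the client reports an error to AAA
        return AuthResult(False, "no such user" if not entries else "ambiguous: %d entries" % len(entries))
    return entries[0]

def authenticate_search_first(server, cfg, username, password, escape=True):
    """Default sequence: search, then verify locally or bind as the returned DN."""
    found = _locate_user(server, cfg, username, escape)
    if isinstance(found, AuthResult):
        return found
    dn, attrs = found
    if "userpassword" in attrs:               # attribute was returned: verify locally
        ok, how = password in attrs["userpassword"], "verified locally"
    else:                                     # not returned: bind with the located DN
        ok, how = server.bind(dn, password), "verified by user bind"
    return AuthResult(ok, how if ok else "bad password", dn, apply_attribute_map(attrs) if ok else {})

def authenticate_bind_first(server, cfg, username, password):
    """'authentication bind-first': form cn=<user>,<base-dn> and bind with it."""
    dn = "cn=%s,%s" % (escape_dn_value(username), cfg["base_dn"])
    if not server.bind(dn, password):
        return AuthResult(False, "bind as %s failed" % dn, dn)
    entries = server.search(dn, "(objectclass=*)")   # then read the entry for authorization
    return AuthResult(True, "verified by user bind", dn, apply_attribute_map(entries[0][1]))

def authenticate_compare(server, cfg, username, password):
    """'authentication compare': keep the root bind; the server compares the password."""
    found = _locate_user(server, cfg, username)
    if isinstance(found, AuthResult):
        return found
    dn, attrs = found
    ok = server.compare(dn, "userPassword", password)
    return AuthResult(ok, "verified by compare" if ok else "compare failed", dn, apply_attribute_map(attrs) if ok else {})
```

Running the three sequences against the constructed directory shows the behaviour the text describes: with the root bind, bob is verified locally because the server returned his password attribute; with an anonymous bind the attribute is withheld and the router binds as the DN the search returned; bind-first succeeds for carol, whose entry sits directly under the base DN, but fails for bob, whose DN cannot be formed by prefixing cn=bob to the base DN; alice produces the multiple-entry error; and the unescaped asterisk produces the same error for the whole directory, whereas the escaped filter simply finds nobody.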

Configuring a AAA Server Group

Perform this task to configure a AAA server group. Configuring the router to use AAA server groups lets you group servers that are already configured, so that a subset of the configured server hosts can be selected for a particular service. A server group is used in conjunction with the global server-host list: the group lists the names of the selected servers. Server groups can also include multiple entries for the same server, as long as each entry has a unique identifier. If two entries pointing at the same LDAP server are configured for the same service (for example, authentication), the second entry acts as a failover backup to the first: if the first entry fails to provide the service, the network access server tries the second one. LDAP server entries are tried in the order in which they are configured. To add a server to a server group, enter the following commands. The listed server must already have been defined in global configuration mode with the ldap server command.

SUMMARY STEPS

1. enable
2. configure terminal
3. aaa new-model
4. aaa group server ldap group-name
5. server name
6. exit

DETAILED STEPS

Step 1  enable
        Enables privileged EXEC mode. Enter your password if prompted.
        Router> enable

Step 2  configure terminal
        Enters global configuration mode.
        Router# configure terminal

Step 3  aaa new-model
        Enables AAA.
        Router(config)# aaa new-model

Step 4  aaa group server ldap group-name
        Defines the AAA server group with a group name and enters LDAP server group configuration mode. All members of a group must be of the same type; that is, RADIUS, LDAP, or TACACS+.
        Router(config)# aaa group server ldap name1

Step 5  server name
        Associates an LDAP server with the server group. The server is identified by the name given in its ldap server command, which carries its IP address and TCP port.
        Router(config-ldap-sg)# server server1

Step 6  exit
        Exits LDAP server group configuration mode.
        Router(config-ldap-sg)# exit

Configuring Search and Bind Operations for an Authentication Request

Perform this task to configure the search and bind operations for an authentication request.

SUMMARY STEPS

1. enable
2. configure terminal
3. ldap server name
4. authentication bind-first
5. authentication compare
6. exit

DETAILED STEPS

Step 1  enable
        Enables privileged EXEC mode. Enter your password if prompted.
        Router> enable

Step 2  configure terminal
        Enters global configuration mode.
        Router# configure terminal

Step 3  ldap server name
        Configures the router to use the LDAP protocol and enters LDAP server configuration mode.
        Router(config)# ldap server server1

Step 4  authentication bind-first
        Changes the order of the search and bind operations for an authentication request: the router first binds with a DN formed from the username and the base DN, and searches afterwards. By default the router searches first and binds later.
        Router(config-ldap-server)# authentication bind-first

Step 5  authentication compare
        Replaces the bind request with a compare request for authentication: the router stays bound with the root DN and asks the server to compare the supplied password against the user's entry.
        Router(config-ldap-server)# authentication compare

Step 6  exit
        Exits LDAP server configuration mode.
        Router(config-ldap-server)# exit

Configuring a Dynamic Attribute Map on an LDAP Server

Perform this task to configure a dynamic attribute map on an LDAP server. You must create LDAP attribute maps that map your existing user-defined attribute names and values to Cisco attribute names and values that the router understands. You can then attach these attribute maps to LDAP servers or remove them as required. See the chapter User-Based Firewall Support in Cisco IOS Security Configuration Guide: Securing the Data Plane for more information about user-based firewalls.

Note: To use the attribute mapping features correctly, you need to understand the Cisco LDAP attribute names and values as well as the user-defined attribute names and values.

SUMMARY STEPS

1. enable
2. configure terminal
3. ldap attribute-map map-name
4. map type ldap-attr-type aaa-attr-type
5. exit
6. ldap server name
7. ipv4 ipv4-address
8. bind authenticate root-dn string password [0 string | 7 string] string
9. base-dn string
10. attribute map map-name
11. exit

DETAILED STEPS

Step 1  enable
        Enables privileged EXEC mode. Enter your password if prompted.
        Router> enable

Step 2  configure terminal
        Enters global configuration mode.
        Router# configure terminal

Step 3  ldap attribute-map map-name
        Creates a dynamic LDAP attribute map and enters attribute-map configuration mode.
        Router(config)# ldap attribute-map map1

Step 4  map type ldap-attr-type aaa-attr-type
        Maps an LDAP attribute type to a AAA attribute type.
        Router(config-attr-map)# map type department element-req-qos

Step 5  exit
        Exits attribute-map configuration mode.
        Router(config-attr-map)# exit

Step 6  ldap server name
        Specifies the LDAP server name and enters LDAP server configuration mode.
        Router(config)# ldap server ldap_dir_1

Step 7  ipv4 ipv4-address
        Specifies the IP address of the LDAP server.
        Router(config-ldap-server)# ipv4 10.0.0.1

Step 8  bind authenticate root-dn string password [0 string | 7 string] string
        Specifies the DN and password the router uses to bind to the LDAP server.
        Router(config-ldap-server)# bind authenticate root-dn "cn=user1,cn=users,dc=sns,dc=example,dc=com" password example123

Step 9  base-dn string
        (Optional) Configures the base DN from which search operations on the LDAP server start.
        Router(config-ldap-server)# base-dn "dc=sns,dc=example,dc=com"

Step 10  attribute map map-name
         Attaches the attribute map to this LDAP server.
         Router(config-ldap-server)# attribute map att_map_1

Step 11  exit
         Exits LDAP server configuration mode.
         Router(config-ldap-server)# exit

Monitoring and Maintaining LDAP

To monitor and maintain LDAP, use the following commands in privileged EXEC mode. They can be entered in any order.

Router# clear ldap server      Clears the TCP connection with the LDAP server.
Router# debug ldap             Displays debugging information associated with LDAP.
Router# show ldap server       Displays the LDAP server state and the counters kept for the server.
Router# show ldap attributes   Displays the default LDAP attribute mapping.

Configuration Examples for LDAP

This section provides the following configuration examples:

LDAP Server Communication: Example
LDAP Protocol Parameters: Example
AAA Server Group: Example
Search and Bind Operations for an Authentication Request: Example
Dynamic LDAP Attribute Map and LDAP Server: Example

LDAP Server Communication: Example

The following example defines the LDAP server server1 and specifies its IP address, transport port, and retransmit timeout:

ldap server server1
 ipv4 10.0.0.1
 transport port 200
 timeout retransmit 20

LDAP Protocol Parameters: Example

The following example shows how to configure the LDAP protocol parameters:

ldap server server1
 bind authenticate root-dn cn=administrator,cn=users,dc=nac-blr2,dc=cisco,dc=com password 123
 search-filter user-object-type objectclass
 base-dn "dc=sns,dc=example,dc=com"
 mode secure no-negotiation
 secure cipher 3des-ede-cbc-sha

AAA Server Group: Example

The following example shows how to configure a AAA server group containing the LDAP server server1:

aaa new-model
aaa group server ldap name1
 server server1

Search and Bind Operations for an Authentication Request: Example

The following example shows how to configure the sequence of search and bind operations for an authentication request:

ldap server server1
 authentication bind-first
 authentication compare

Dynamic LDAP Attribute Map and LDAP Server: Example

The following example shows how to define an attribute map and attach it to a particular LDAP server:

ldap attribute-map att_map_1
 map type department element-req-qos
 exit
ldap server ldap_dir_1
 ipv4 10.0.0.1
 bind authenticate root-dn cn=administrator,cn=users,dc=nac-blr2,dc=example,dc=com password example123
 base-dn "dc=sns,dc=example,dc=com"
 attribute map att_map_1

Additional References

The following sections provide references related to configuring the LDAP feature.

Related Documents

AAA: Configuring Authentication module

Standards

No new or modified standards are supported by this feature, and support for existing standards has not been modified by this feature.

MIBs

No new or modified MIBs are supported by this feature, and support for existing MIBs has not been modified by this feature. To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator at http://www.cisco.com/go/mibs

RFCs

RFC 2830  Lightweight Directory Access Protocol (v3): Extension for Transport Layer Security
RFC 4511  Lightweight Directory Access Protocol (LDAP): The Protocol
RFC 4513  Lightweight Directory Access Protocol (LDAP): Authentication Methods and Security Mechanisms
RFC 4514  Lightweight Directory Access Protocol (LDAP): String Representation of Distinguished Names
RFC 4515  Lightweight Directory Access Protocol (LDAP): String Representation of Search Filters
RFC 4517  Lightweight Directory Access Protocol (LDAP): Syntaxes and Matching Rules
RFC 4519  Lightweight Directory Access Protocol (LDAP): Schema for User Applications

Technical Assistance

The Cisco Support website provides extensive online resources, including documentation and tools for troubleshooting and resolving technical issues with Cisco products and technologies. To receive security and technical information about your products, you can subscribe to various services, such as the Product Alert Tool (accessed from Field Notices), the Cisco Technical Services Newsletter, and Really Simple Syndication (RSS) Feeds. Access to most tools on the Cisco Support website requires a Cisco.com user ID and password. Link: http://www.cisco.com/cisco/web/support/index.html

Feature Information for Configuring LDAP

Not all commands may be available in your Cisco IOS software release. For release information about a specific command, see the command reference documentation. Use Cisco Feature Navigator to find information about platform support and software image support. Cisco Feature Navigator enables you to determine which Cisco IOS and Catalyst OS software images support a specific software release, feature set, or platform. To access Cisco Feature Navigator, go to http://www.cisco.com/go/cfn. An account on Cisco.com is not required.

Note: Table 1 lists only the Cisco IOS software release that introduced support for a given feature in a given Cisco IOS software release train. Unless noted otherwise, subsequent releases of that Cisco IOS software release train also support that feature.

Table 1  Feature Information for Configuring LDAP

Feature Name: LDAP integration with Active Directory
Releases: 15.1(1)T
Feature Information: LDAP is a standards-based protocol used to access directories. It is based on a client-server model similar to RADIUS. LDAP is deployed on Cisco devices to send authentication requests to a central LDAP server that contains all user authentication and network service access information. This feature provides authentication and authorization support for AAA. The following sections provide information about this feature: Information About LDAP; Configuring Router-to-LDAP Server Communication; Configuring LDAP Protocol Parameters; Configuring a AAA Server Group; Configuring Search and Bind Operations for an Authentication Request. The following commands were introduced or modified: aaa group server ldap, authentication bind-first, authentication compare, bind authenticate, base-dn, clear ldap server, debug ldap, ipv4, mode secure, ldap server, search-filter, secure cipher, show ldap server, transport port, timeout, retransmit.

Feature Name: LDAP Active Directory Support for Authproxy
Releases: 15.1(1)T
Feature Information: This feature enables the authentication proxy to authenticate and authorize users against Active Directory servers using LDAP. The following sections provide information about this feature: LDAP Dynamic Attribute Mapping; Configuring a Dynamic Attribute Map on an LDAP Server. The following commands were introduced or modified: map type, attribute map.

Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.

2010 Cisco Systems, Inc. All rights reserved.
