Cisco Firepower Management Center 4000
FireSIGHT System User Guide
Chapter 48 Managing Users
Managing Authentication Objects
Identifying the LDAP Authentication Server
License: Any
When you create an authentication object, you first specify the primary and backup server and server port where you want the managed device or Defense Center to connect for authentication.
To identify an LDAP authentication server:
Access: Admin
Step 1  Select System > Local > User Management.
        The User Management page appears.
Step 2  Click the Login Authentication tab.
        The Login Authentication page appears.
Step 3  Click Create Authentication Object.
        The Create Authentication Object page appears.
Step 4  Select LDAP from the Authentication Method drop-down list.
        LDAP configuration options appear.
Step 5  Type a name and description for the authentication server in the Name and Description fields.
Step 6  Optionally, in the Server Type field, select the type of LDAP server you plan to connect to and click Set Defaults to populate the User Name Template, UI Access Attribute, Shell Access Attribute, Group Member Attribute, and Group Member URL Attribute fields with default values. You have the following options:
        • If you are connecting to a Microsoft Active Directory server, select MS Active Directory and click Set Defaults.
        • If you are connecting to a Sun Java Systems Directory Server or Oracle Directory Server, select Oracle Directory and click Set Defaults.
        • If you are connecting to an OpenLDAP server, select OpenLDAP and click Set Defaults.
        • If you are connecting to an LDAP server other than those listed above and want to clear default settings, select Other and click Set Defaults.
Step 7  Type the IP address or host name for the primary server where you want to obtain authentication data in the Primary Server Host Name/IP Address field.
        Note  If you are using a certificate to connect via TLS or SSL, the host name in the certificate must match the host name used in this field. In addition, IPv6 addresses are not supported for encrypted connections.
Step 8  Optionally, modify the port used by the primary authentication server in the Primary Server Port field.
Step 9  Optionally, type the IP address or host name for the backup server where you want to obtain authentication data in the Backup Server Host Name/IP Address field.
Step 10  Optionally, modify the port used by the backup authentication server in the Backup Server Port field.
Continue with
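
The Note in Step 7 can be checked before the authentication object is saved. The following is an added example, not part of the Cisco guide or product: it compares the value you plan to type in the host name/IP address field against the names in the LDAP server's certificate and flags IPv6 literals for encrypted connections. The matching rule (case-insensitive, wildcard only as the whole left-most label), the function names, and the sample certificate names are assumptions made for illustration.

```python
import ipaddress

# Constructed sample: subject/SAN names read from the LDAP server's certificate.
CERT_NAMES = ["ldap1.example.com", "*.corp.example.com"]

def name_matches(host, pattern):
    """Assumed rule: exact match, or '*' standing for exactly one left-most label."""
    host = host.lower().rstrip(".")
    pattern = pattern.lower().rstrip(".")
    if pattern.startswith("*."):
        head, _, rest = host.partition(".")
        return head != "" and rest == pattern[2:]
    return host == pattern

def check_server_field(value, cert_names, encrypted=True):
    """Return a list of problems with the value planned for the host name/IP field."""
    value = value.strip().strip("[]")
    if not value:
        return ["field is empty"]
    try:
        ip = ipaddress.ip_address(value)
    except ValueError:
        ip = None  # not an IP literal, so treat it as a host name
    if not encrypted:
        return []  # the Note applies only to TLS or SSL connections
    if ip is not None and ip.version == 6:
        return ["IPv6 address: not supported for encrypted connections"]
    if ip is not None:
        # An IPv4 literal only matches if the certificate lists that same address.
        matched = value in cert_names
    else:
        matched = any(name_matches(value, n) for n in cert_names)
    if matched:
        return []
    return [f"{value!r} does not match any certificate name {sorted(cert_names)}"]

if __name__ == "__main__":
    for candidate in ["ldap1.example.com", "192.0.2.10", "2001:db8::10"]:
        print(candidate, "->", check_server_field(candidate, CERT_NAMES) or "ok")
```

Run the same check against the backup server's certificate for the value used in Step 9.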