Cisco Cisco Expressway 维护手册
Error message
Reason / resolution
DNS unable to resolve LDAP server
address
address
Check that a valid DNS server is configured, and check the spelling of the
LDAP server address.
LDAP server address.
Failed to connect to LDAP server.
Check server address and port
Check server address and port
Check that the LDAP server details are correct.
Failed to setup TLS connection.
Check your CA certificate
Check your CA certificate
CA certificate, private key and server certificate are required for TLS.
Failure connecting to server. Returned
code<return code>
code<return code>
Other non-specific problem.
Invalid Base DN for accounts
Check Base DN for accounts; the current value does not describe a valid
part of the LDAP directory.
part of the LDAP directory.
Invalid server name or DNS failure
DNS resolution of the LDAP server name is failing.
Invalid bind credentials
Check Bind DN and Bind password, this error can also be displayed if
SASL is set to DIGEST-MD5 when it should be set to None.
SASL is set to DIGEST-MD5 when it should be set to None.
Invalid bind DN
Check Bind DN; the current value does not describe a valid account in the
LDAP director.
LDAP director.
This failed state may be wrongly reported if the Bind DN is 74 or more
characters in length. To check whether there is a real failure or not, set up
an administrator group on the Expressway using a valid group name. If
Expressway reports “saved” then there is not a problem (the Expressway
checks that it can find the group specified). If it reports that the group
cannot be found then either the Bind DN is wrong, the group is wrong or
one of the other configuration items may be wrong.
characters in length. To check whether there is a real failure or not, set up
an administrator group on the Expressway using a valid group name. If
Expressway reports “saved” then there is not a problem (the Expressway
checks that it can find the group specified). If it reports that the group
cannot be found then either the Bind DN is wrong, the group is wrong or
one of the other configuration items may be wrong.
There is no CA certificate installed
CA certificate, private key and server certificate are required for TLS.
Unable to get configuration
LDAP server information may be missing or incorrect.
Configuring Administrator Groups
The Administrator groups page (Users > Administrator groups) lists all the administrator groups that have been
configured on the Expressway, and lets you add, edit and delete groups.
configured on the Expressway, and lets you add, edit and delete groups.
When you log in to the Expressway web interface, your credentials are authenticated against the remote directory
service and you are assigned the access rights associated with the group to which you belong. If the
administrator account belongs to more than one group, the highest level permission is assigned.
service and you are assigned the access rights associated with the group to which you belong. If the
administrator account belongs to more than one group, the highest level permission is assigned.
The configurable options are:
Field
Description
Usage tips
Name
The name of the administrator group.
It cannot contain any of the following characters:
/ \ [ ] : ; | = , + * ? > < @ "
The group names defined in the Expressway
must match the group names that have been
set up in the remote directory service to
manage administrator access to this
Expressway.
must match the group names that have been
set up in the remote directory service to
manage administrator access to this
Expressway.
175
Cisco Expressway Administrator Guide