Cisco Clean Access 3.5

Cisco Clean Access Manager Installation and Administration Guide
OL-7044-01
Chapter 6      User Management: Auth Servers
Configure an Authentication Provider
LDAP
An LDAP auth provider in the Clean Access Manager can be used to authenticate users against a 
Microsoft Active Directory server. See 
 for details.
Note
Cisco Clean Access performs standard search and bind authentication. For LDAP, if Search DN/Search 
Password is not specified, anonymous bind is attempted. 
Figure 6-6: Add LDAP Auth Server
1. Go to User Management > Auth Servers > New Server.
2. Authentication Type — Choose LDAP from the dropdown menu.
3. Provider Name — Type a unique name for this authentication provider. Enter a meaningful or recognizable name if web login users will be able to select providers from the web login page.
4. Server URL – The URL of the LDAP server, in the form:
   ldap://<directory_server_name>:<port_number>
   If no port number is specified, 389 is assumed.
5. Server version – The LDAP version. Supported types include Version 2 and Version 3. Leave as Auto (default) to have the server version automatically detected.
6. Search DN – If access to the directory is controlled, enter the LDAP administrator ID used to connect to the server in this field (e.g., cn=jane doe, cn=users, dc=cisco, dc=com).
7. Search Password – The password for the LDAP administrator.
8. Search Base Context – The root of the LDAP tree in which to perform the search for users (e.g., dc=cisco, dc=com).
9. Search Filter – The attribute to be authenticated (e.g., uid=$user$ or sAMAccountName=$user$).
10. Referral – Whether referral entries are managed (in which the LDAP server returns referral entries as ordinary entries) or returned as handles (Handle(Follow)). The default is Manage(Ignore).
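The following added example (not Cisco code, and not a description of how the Clean Access Manager is implemented) shows how the fields above combine in a standard search-and-bind login: the default port, the anonymous-bind fallback, and the $user$ substitution. The function names, the host name dc1.example.com, the RFC 4515 escaping of the login name, and the wrapping of the filter in parentheses are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# RFC 4515: characters that must be escaped inside a filter assertion value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def escape_filter_value(value):
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def resolve_provider(server_url, search_base, search_filter,
                     search_dn="", search_password=""):
    """Validate the form fields and return the settings that take effect."""
    parts = urlsplit(server_url)
    if parts.scheme != "ldap" or not parts.hostname:
        raise ValueError("Server URL must be ldap://<directory_server_name>:<port_number>")
    if "$user$" not in search_filter:
        raise ValueError("Search Filter must contain $user$")
    anonymous = not (search_dn and search_password)
    return {
        "host": parts.hostname,
        "port": parts.port or 389,            # 389 is assumed when no port is given
        "base": search_base,
        "filter": search_filter,
        "search_identity": "anonymous" if anonymous else search_dn,
    }

def build_search_filter(template, username):
    """Substitute $user$ with the escaped login name."""
    expanded = template.replace("$user$", escape_filter_value(username))
    # Assumption: wrap a bare "attr=value" in parentheses, as RFC 4515 requires.
    return expanded if expanded.startswith("(") else "(" + expanded + ")"

def auth_plan(provider, username, password):
    """Ordered operations of a search-and-bind login (nothing is sent)."""
    if not username or not password:
        # An empty password would turn step 3 into an unauthenticated bind.
        raise ValueError("user name and password are both required")
    return [
        ("bind", provider["search_identity"]),
        ("search", provider["base"], build_search_filter(provider["filter"], username)),
        ("bind", "<DN of the single entry returned by the search>"),
    ]

if __name__ == "__main__":
    # Constructed sample values; the host name is a placeholder.
    p = resolve_provider("ldap://dc1.example.com", "dc=cisco, dc=com", "sAMAccountName=$user$")
    for step in auth_plan(p, "doe (contractor)", "constructed-password"):
        print(step)
```

A provider whose resolved search identity is "anonymous" only works if the directory permits anonymous searches under the Search Base Context, so that value is worth reviewing before the provider is enabled.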