Cisco Expressway Maintenance Manual
Configuring remote account authentication using LDAP
The LDAP configuration page (Users > LDAP configuration) is used to configure an LDAP connection to a remote directory service for administrator account authentication.
The configurable options are listed below; each field is given with its description and usage tips.
Remote account authentication: this section allows you to enable or disable the use of LDAP for remote account authentication.

Field: Administrator authentication source
Description: Defines where administrator login credentials are authenticated.
  Local only: credentials are verified against a local database stored on the system.
  Remote only: credentials are verified against an external credentials directory.
  Both: credentials are verified first against a local database stored on the system, and then if no matching account is found the external credentials directory is used instead.
  The default is Local only.
Usage tips: Both allows you to continue to use locally-defined accounts. This is useful while troubleshooting any connection or authorization issues with the LDAP server.
  You cannot log in using a locally-configured administrator account, including the default admin account, if Remote only authentication is in use.
  Note: do not use Remote only if Expressway is managed by Cisco TMS.
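The following is an added example, not Expressway code or any Cisco implementation: a small model of the three Administrator authentication source modes (Local only, Remote only, Both) as described above. The local database, the remote directory and its "unreachable" flag are constructed here, and the example reads "no matching account is found" as "no local account with that username exists" (an assumption). It shows the failure mode the usage tips warn about: with Remote only, the default admin account cannot log in at all, and if the LDAP server is down nobody can, whereas Both keeps the locally-defined admin usable while the LDAP connection is being troubleshot.

```python
# Added example modelling the Administrator authentication source setting.
# Not Expressway code; all accounts, passwords and the LDAP outage are constructed.
import hashlib
import hmac
import os

LOCAL_ONLY, REMOTE_ONLY, BOTH = "Local only", "Remote only", "Both"


def _hash(password: str, salt: bytes) -> bytes:
    # Slow salted hash for the constructed local database.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class LocalDatabase:
    """Constructed stand-in for the local account database on the system."""

    def __init__(self):
        self._accounts = {}

    def add(self, username: str, password: str) -> None:
        salt = os.urandom(16)
        self._accounts[username] = (salt, _hash(password, salt))

    def has(self, username: str) -> bool:
        return username in self._accounts

    def verify(self, username: str, password: str) -> bool:
        salt, digest = self._accounts[username]
        return hmac.compare_digest(digest, _hash(password, salt))


class RemoteDirectory:
    """Constructed stand-in for the external (LDAP) credentials directory."""

    def __init__(self, accounts: dict, reachable: bool = True):
        self._accounts = dict(accounts)
        self.reachable = reachable  # False simulates an LDAP connection problem

    def bind(self, username: str, password: str) -> bool:
        if not self.reachable:
            raise ConnectionError("LDAP server unreachable")
        return self._accounts.get(username) == password


def authenticate(source, username, password, local, remote) -> bool:
    """Return True if the login succeeds under the given authentication source.

    Local only : local database only.
    Remote only: external directory only; local accounts are never consulted.
    Both       : local database first; the directory is used only when no
                 local account with that username exists (assumed reading of
                 "no matching account"), not when the local password is wrong.
    """
    if source in (LOCAL_ONLY, BOTH) and local.has(username):
        return local.verify(username, password)
    if source in (REMOTE_ONLY, BOTH):
        try:
            return remote.bind(username, password)
        except ConnectionError:
            return False  # directory unreachable: treat as authentication failure
    return False


def lockout_demo() -> dict:
    """Constructed scenario: local admin exists, LDAP server is unreachable."""
    local = LocalDatabase()
    local.add("admin", "local-admin-pw")
    remote = RemoteDirectory({"alice": "alice-pw"}, reachable=False)
    return {
        # Remote only never consults the local database, so admin is locked out.
        "remote_only_admin": authenticate(REMOTE_ONLY, "admin", "local-admin-pw", local, remote),
        # Both still lets the locally-defined admin in while LDAP is down.
        "both_admin": authenticate(BOTH, "admin", "local-admin-pw", local, remote),
        # A directory-only user cannot log in until the LDAP connection is fixed.
        "both_alice_ldap_down": authenticate(BOTH, "alice", "alice-pw", local, remote),
    }


if __name__ == "__main__":
    for name, ok in lockout_demo().items():
        print(f"{name}: {'login OK' if ok else 'login refused'}")
```

Run it as-is to see the three outcomes; the point of the model is that switching to Both before testing a new LDAP connection preserves a working local administrator path, which is the behaviour the usage tips rely on.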
LDAP server configuration: this section specifies the connection details to the LDAP server.

Field: FQDN address resolution
Description: Defines how the LDAP server address is resolved.
  SRV record: DNS SRV record lookup.
  Address record: DNS A or AAAA record lookup.
  IP address: entered directly as an IP address.
  The default is Address record.

Field: Host name and Domain, or Server address
Description: The way in which the server address is specified depends on the FQDN address resolution setting:
  SRV record: only the Domain portion of the server address is required.
  Address record: enter the Host name and Domain. These are then combined to provide the full server address for the DNS address record lookup.
  IP address: the Server address is entered directly as an IP address.
Usage tips: If using TLS, the address entered here must match the CN (common name) contained within the certificate presented by the LDAP server.

Field: Port
Description: The IP port to use on the LDAP server.
Usage tips: Typically, non-secure connections use 389 and secure connections use 636.
Cisco Expressway Administrator Guide (X8.1), page 163 of 344
User accounts > Configuring remote account authentication using LDAP