Cisco Cisco Expressway Maintenance Manual
Error message
Reason / resolution
Invalid bind DN
Check Bind DN; the current value does not describe a valid account in
the LDAP director.
the LDAP director.
This failed state may be wrongly reported if the Bind DN is 74 or more
characters in length. To check whether there is a real failure or not, set
up an administrator group on the Expressway using a valid group
name. If Expressway reports “saved” then there is not a problem (the
Expressway checks that it can find the group specified). If it reports that
the group cannot be found then either the Bind DN is wrong, the group
is wrong or one of the other configuration items may be wrong.
characters in length. To check whether there is a real failure or not, set
up an administrator group on the Expressway using a valid group
name. If Expressway reports “saved” then there is not a problem (the
Expressway checks that it can find the group specified). If it reports that
the group cannot be found then either the Bind DN is wrong, the group
is wrong or one of the other configuration items may be wrong.
There is no CA certificate installed
CA certificate, private key and server certificate are required for TLS.
Unable to get configuration
LDAP server information may be missing or incorrect.
Configuring administrator groups
The
Administrator groups
page (
Users > Administrator groups
) lists all the administrator groups that
have been configured on the Expressway, and lets you add, edit and delete groups.
When an administrator logs in to the Expressway web interface, their credentials are authenticated against
the remote directory service and they are assigned the access rights associated with the group to which the
administrator belongs. If the administrator account belongs to more than one group, the highest level
permission is assigned.
the remote directory service and they are assigned the access rights associated with the group to which the
administrator belongs. If the administrator account belongs to more than one group, the highest level
permission is assigned.
The configurable options are:
Field
Description
Usage tips
Name
The name of the administrator group.
It cannot contain any of the following characters:
/ \ [ ] : ; | = , + * ? > < @ "
The group names defined in the Expressway
must match the group names that have been
set up in the remote directory service to
manage administrator access to this
Expressway.
must match the group names that have been
set up in the remote directory service to
manage administrator access to this
Expressway.
Access
level
level
The access level given to members of the
administrator group:
administrator group:
Read-write: allows all configuration information to be
viewed and changed. This provides the same rights as
the default admin account.
viewed and changed. This provides the same rights as
the default admin account.
Read-only: allows status and configuration information
to be viewed only and not changed. Some pages, such
as the
to be viewed only and not changed. Some pages, such
as the
Upgrade
page, are blocked to read-only
accounts.
Auditor: allows access to the
Event Log
,
Configuration
Log
,
Network Log
,
Alarms
and
Overview
pages only .
None: no access is allowed.
Default: Read-write
If an administrator belongs to more than one
group, it is assigned the highest level
permission for each of the access settings
across all of the groups to which it belongs
(any groups in a disabled state are ignored).
See
group, it is assigned the highest level
permission for each of the access settings
across all of the groups to which it belongs
(any groups in a disabled state are ignored).
See
Cisco Expressway Administrator Guide (X8.1.1)
Page 167 of 343
User accounts
Configuring remote account authentication using LDAP