Cisco Cisco Expressway Maintenance Manual
Viewing Active Administrator Sessions
The Active administrator sessions page (Users > Active administrator sessions) lists all administrator accounts
that are currently logged in to this Expressway.
that are currently logged in to this Expressway.
It displays details of their session including their login time, session type, IP address and port, and when they last
accessed this Expressway.
accessed this Expressway.
You can terminate active web sessions by selecting the required sessions and clicking Terminate session.
You may see many sessions listed on this page if a zero Session time out value is configured. This typically occurs if
an administrator ends their session by closing down their browser without first logging out of the Expressway.
an administrator ends their session by closing down their browser without first logging out of the Expressway.
Configuring Remote Account Authentication Using LDAP
The LDAP configuration page (Users > LDAP configuration) is used to configure an LDAP connection to a remote
directory service for administrator account authentication.
directory service for administrator account authentication.
The configurable options are:
Field
Description
Usage tips
Remote account authentication: this section allows you to enable or disable the use of LDAP for remote account
authentication.
Administrator
authentication
source
authentication
source
Defines where administrator login credentials are
authenticated.
authenticated.
Local only: credentials are verified against a local
database stored on the system.
database stored on the system.
Remote only: credentials are verified against an
external credentials directory.
external credentials directory.
Both: credentials are verified first against a local
database stored on the system, and then if no
matching account is found the external credentials
directory is used instead.
database stored on the system, and then if no
matching account is found the external credentials
directory is used instead.
The default is Local only.
Both allows you to continue to use
locally-defined accounts. This is useful
while troubleshooting any connection or
authorization issues with the LDAP server.
locally-defined accounts. This is useful
while troubleshooting any connection or
authorization issues with the LDAP server.
You cannot log in using a locally-
configured administrator account,
including the default admin account, if
Remote only authentication is in use.
configured administrator account,
including the default admin account, if
Remote only authentication is in use.
Note: do not use Remote only if
Expressway is managed by Cisco TMS.
Expressway is managed by Cisco TMS.
LDAP server configuration: this section specifies the connection details to the LDAP server.
FQDN
address
resolution
address
resolution
Defines how the LDAP server address is resolved.
SRV record: DNS SRV record lookup.
Address record: DNS A or AAAA record lookup.
IP address: entered directly as an IP address.
The default is Address record.
Note:
if you use SRV records, ensure that the records
use the standard ports for LDAP.
_ldap._tcp.<domain>
must use 389 and
_ldaps._tcp.<domain>
must use
636. The Expressway does not support other port
numbers for LDAP.
numbers for LDAP.
The SRV lookup is for either _ldap._tcp or
_ldaps._tcp records, depending on
whether Encryption is enabled. If multiple
servers are returned, the priority and
weight of each SRV record determines the
order in which the servers are used.
_ldaps._tcp records, depending on
whether Encryption is enabled. If multiple
servers are returned, the priority and
weight of each SRV record determines the
order in which the servers are used.
243
Cisco Expressway Administrator Guide
User Accounts