Cisco ACNS Software Version 5.5 Technical Manual

Configuring HTTP Request Authentication with CE Running ACNS 5.0.1 and Microsoft Active Directory
Document ID: 42000
Contents
Introduction
 Prerequisites
      Requirements
      Components Used
      Conventions
 Configure
      Configurations
 Verify
 Troubleshoot
 Related Information
Introduction
This sample configuration shows you how to set up a Cisco Content Engine to perform a Lightweight Directory
Access Protocol (LDAP) search against an Active Directory database in order to allow or deny user access to web
resources.
An Active Directory database is the user database of a Windows 2000 server. It can be queried for
authentication purposes over LDAP. Typically, the Content Engine LDAP client queries the LDAP
server's user database and obtains the user's attributes, such as account expiration, privileges, and
the groups to which the user belongs. In Cisco Application and Content Networking System (ACNS) 5.0
software, the Content Engine LDAP client can therefore authenticate and authorize a user that is defined in a
remote Active Directory on a Windows 2000 server.
To use Microsoft Active Directory as the LDAP server for Content Engine authentication, there are
some specific steps you must take. By default, Microsoft Active Directory does not allow anonymous LDAP
queries. To make LDAP queries or browse the directory, an LDAP client must first bind to the LDAP server with
the Distinguished Name (DN) and password of a valid account. This document uses an account that belongs
to the Administrators group of the Windows domain. Note that a simple bind and search only requires an
account that can read the relevant part of the directory, and that the bind password is stored in the Content
Engine configuration; a dedicated, read-only service account is therefore preferable to an Administrators
account wherever your directory policy allows it.
To set up Microsoft Active Directory as your LDAP server, you need to determine the full DN and password
of the account that the Content Engine will bind with. For example, if the Active Directory administrator creates an
account in the Users container of the Active Directory Users and Computers control panel on Windows NT/2000
and the DNS domain is sns.cisco.com, the resulting DN has the following structure:
cn=<adminUsername>,cn=users,dc=sns,dc=cisco,dc=com
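The following helper is an added example and is not part of the original document or of the ACNS software. It shows the two string constructions the passages above describe: deriving the bind DN from a DNS domain name (the document's sns.cisco.com example), and building the per-request search filter from the user ID the Content Engine receives in the HTTP credentials. The account name ceadmin, the cn=users container, the sAMAccountName attribute and the group DN are assumptions for illustration. The filter builder is shown in a naive form beside an RFC 4515 escaped form, because the user ID comes from the untrusted client and must not be able to change the filter structure (LDAP filter injection).

```python
# Added example: build the Active Directory bind DN and a safe user search
# filter. Not code from the original document or from ACNS.

# RFC 4514: characters that must be escaped inside a DN attribute value.
_DN_ESCAPE = {
    "\\": r"\\", ",": r"\,", "+": r"\+", '"': r'\"',
    "<": r"\<", ">": r"\>", ";": r"\;",
}

# RFC 4515: characters that must be escaped inside a search filter value.
_FILTER_ESCAPE = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\0": r"\00"}


def base_dn_from_domain(domain: str) -> str:
    """Map a DNS domain such as sns.cisco.com to dc=sns,dc=cisco,dc=com."""
    labels = [part for part in domain.strip().strip(".").lower().split(".") if part]
    if not labels:
        raise ValueError("empty DNS domain")
    return ",".join(f"dc={label}" for label in labels)


def escape_dn_value(value: str) -> str:
    """Escape an attribute value for use in a DN (RFC 4514 section 2.4)."""
    out = "".join(_DN_ESCAPE.get(ch, ch) for ch in value)
    if out.startswith("#") or out.startswith(" "):
        out = "\\" + out
    if out.endswith(" ") and not out.endswith("\\ "):
        out = out[:-1] + "\\ "
    return out


def bind_dn(username: str, domain: str, container: str = "cn=users") -> str:
    """Full DN of the account the Content Engine binds with.

    The container default (cn=users) is an assumption matching the document's
    example; adjust it if the account lives in another OU.
    """
    return f"cn={escape_dn_value(username)},{container},{base_dn_from_domain(domain)}"


def escape_filter_value(value: str) -> str:
    """Escape a value for use inside an LDAP search filter (RFC 4515)."""
    return "".join(_FILTER_ESCAPE.get(ch, ch) for ch in value)


def naive_user_search_filter(user_id: str) -> str:
    """Vulnerable form: the HTTP user ID is concatenated unescaped."""
    return f"(&(objectClass=user)(sAMAccountName={user_id}))"


def user_search_filter(user_id: str, group_dn: str = "") -> str:
    """Hardened form: the user ID (and optional group DN) are escaped first."""
    flt = f"(&(objectClass=user)(sAMAccountName={escape_filter_value(user_id)})"
    if group_dn:
        flt += f"(memberOf={escape_filter_value(group_dn)})"
    return flt + ")"


if __name__ == "__main__":
    # Constructed sample input: the document's domain and an assumed bind account.
    print(bind_dn("ceadmin", "sns.cisco.com"))
    # A user ID crafted to widen the match set; only the naive filter is affected.
    hostile = "*)(objectClass=*"
    print(naive_user_search_filter(hostile))
    print(user_search_filter(hostile, "cn=WebUsers,cn=users,dc=sns,dc=cisco,dc=com"))
```

The bind DN is a one-time configuration value, but the search filter is rebuilt for every HTTP request from whatever the client put in the Authorization header, so only the escaped builder should ever be used to construct it.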
LDAP was invented to preserve the best qualities offered by X.500 while reducing the administrative costs.
LDAP provides an open directory access protocol running over TCP/IP. It retains the X.500 data model and it
is scalable to a global size and millions of entries for a modest investment in hardware and network
infrastructure. The result is a global directory solution that is affordable enough to be used by small
organizations, but which also can be scaled to support the largest of enterprises.
An LDAP-enabled Cache Engine / Content Engine authenticates users with an LDAP server. With an HTTP
query, the Content Engine obtains a set of credentials from the user (user ID and password), and compares