Cisco Cisco Firepower Management Center 4000
48-20
FireSIGHT System User Guide
Chapter 48 Managing Users
Managing Authentication Objects
Step 4
Retype the password in the Confirm Password field.
Step 5
After you configure the basic LDAP-specific parameters, you have several options:
• To access advanced options, click the arrow next to Show Advanced Options and continue with the next step.
• If you want to configure user default roles based on LDAP group membership, continue with
• If you are not using LDAP groups for authentication, continue with
Step 6
Optionally, select one of the following encryption modes:
• To connect using Secure Sockets Layer (SSL), select SSL.
• To connect using Transport Layer Security (TLS), select TLS.
• To connect without encryption, select None.
Note
If you change the encryption method after specifying a port, the port is reset to the default value for that method. For None or TLS, the port uses the default value of 389. If you select SSL encryption, the port uses the default of 636.
Step 7
If you selected TLS or SSL encryption and you want to use a certificate to authenticate, click Browse to browse to the location of a valid TLS or SSL certificate or, in the SSL Certificate Upload Path field, type the path to the certificate.
A message appears, indicating a successful certificate upload.
Note
If you previously uploaded a certificate and want to replace it, upload the new certificate and reapply the system policy to your appliances to copy over the new certificate.
Step 8
Optionally, in the User Name Template field, type the string conversion character (%s) used to determine the user name from the value found in the UI Access Attribute.
For example, to authenticate all users who work in the Security organization of our example company by connecting to an OpenLDAP server where the shell access attribute is uid, you might type uid=%s,ou=security,dc=example,dc=com in the User Name Template field. For a Microsoft Active Directory server, you could type %s@security.example.com.
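The following is an added illustration of two behaviours described above, the port reset in the Step 6 note and the %s substitution in the Step 8 User Name Template; it is not FireSIGHT code. It assumes the login name is supplied by the user and shows why a DN-style template should have that value escaped per RFC 4514 before substitution, so that a login such as jdoe,ou=admins cannot alter the structure of the bind DN.

```python
from typing import Optional

# Defaults stated in the guide: None and TLS use port 389, SSL uses 636.
DEFAULT_PORTS = {"none": 389, "tls": 389, "ssl": 636}

# Characters RFC 4514 requires to be escaped inside a DN attribute value.
_DN_SPECIAL = set(',+"\\<>;=')


def escape_dn_value(value: str) -> str:
    """Escape a login so it stays a single attribute value inside the DN."""
    out = []
    last = len(value) - 1
    for i, ch in enumerate(value):
        if ch in _DN_SPECIAL or (ch == "#" and i == 0) or (ch == " " and i in (0, last)):
            out.append("\\" + ch)
        elif ord(ch) < 0x20:  # control characters become \XX hex pairs
            out.append("\\%02x" % ord(ch))
        else:
            out.append(ch)
    return "".join(out)


def expand_user_name_template(template: str, login: str) -> str:
    """Replace the single %s in the template with the login name.

    A DN-style template (uid=%s,ou=...) gets RFC 4514 escaping; a UPN-style
    template (%s@domain) only accepts a plain account name.
    """
    if template.count("%s") != 1:
        raise ValueError("User Name Template must contain exactly one %s")
    if "=" in template:
        return template.replace("%s", escape_dn_value(login))
    if not login or any(c in login for c in "@ \t\r\n,;\\"):
        raise ValueError("login is not a plain account name")
    return template.replace("%s", login)


def template_rejects(template: str, login: str) -> bool:
    """True when expand_user_name_template refuses the login (guard check)."""
    try:
        expand_user_name_template(template, login)
    except ValueError:
        return True
    return False


def port_after_encryption_change(new_mode: str, old_mode: Optional[str], port: Optional[int]) -> int:
    """Model the note: changing the encryption method resets the port to that method's default."""
    if new_mode not in DEFAULT_PORTS:
        raise ValueError("encryption mode must be none, tls or ssl")
    if port is None or (old_mode is not None and old_mode != new_mode):
        return DEFAULT_PORTS[new_mode]
    return port
```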
Step 9
Optionally, in the Timeout field, type the number of seconds that should elapse before rolling over to the backup connection.
Step 10
Optionally, to retrieve users based on an attribute instead of the Base DN and Base Filter, you have two options:
• Click Fetch Attrs to retrieve a list of available attributes and select the appropriate attribute.
• Type the attribute in the UI Access Attribute field.
For example, on a Microsoft Active Directory Server, you may want to use the UI Access Attribute to retrieve users, because there may not be a uid attribute on Active Directory Server user objects. Instead, you can search the userPrincipalName attribute by typing userPrincipalName in the UI Access Attribute field.
Step 11
Optionally, to retrieve users for shell access, type the attribute to filter by in the Shell Access Attribute field.