48-26
FireSIGHT System User Guide
Chapter 48 Managing Users
Managing Authentication Objects
This example shows a connection using a base distinguished name of OU=security,DC=it,DC=example,DC=com for the security organization in the information technology domain of the Example company.
However, because this server is a Microsoft Active Directory server, it uses the sAMAccountName attribute to store user names rather than the uid attribute. Selecting the MS Active Directory server type and clicking Set Defaults sets the UI Access Attribute to sAMAccountName. As a result, the FireSIGHT System checks the sAMAccountName attribute of each object for a matching user name when a user attempts to log into the FireSIGHT System.
In addition, a Shell Access Attribute of sAMAccountName causes the sAMAccountName attribute of every object in the directory to be checked for a match when a user logs into a shell account on the appliance.
Note that because no base filter is applied to this server, the FireSIGHT System checks attributes for all 
objects in the directory indicated by the base distinguished name. Connections to the server time out 
after the default time period (or the timeout period set on the LDAP server).
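The following is an added illustration, not code from the guide or from Cisco, of the lookup the two examples describe: the FireSIGHT System searches beneath the base distinguished name, narrowed by the base filter when one is set (as in the advanced example, which uses (cn=*smith)), for the single object whose UI or shell access attribute equals the supplied user name. The base DN, attribute name and base filter are the guide's; the in-memory directory, the user names and the small filter evaluator are constructed for this example and stand in for a real LDAP server.

```python
"""Added illustration of how an LDAP authentication object resolves a login.

Models the lookup the FireSIGHT System performs: search beneath the base
distinguished name, optionally narrowed by the base filter, for the one object
whose UI (or shell) access attribute equals the supplied user name.  The tiny
in-memory directory and the user names are constructed for this example; the
DN, attribute names and base filter are taken from the guide.
"""
import re
from typing import Dict, List, Optional

# Values from the examples in the guide.
BASE_DN = "OU=security,DC=it,DC=example,DC=com"
ACCESS_ATTRIBUTE = "sAMAccountName"   # Active Directory default set by "Set Defaults"
BASE_FILTER = "(cn=*smith)"           # base filter from the advanced example

# Constructed stand-in for the directory (attribute names lower-cased).
DIRECTORY: List[Dict[str, object]] = [
    {"dn": "CN=John Smith,OU=security,DC=it,DC=example,DC=com",
     "cn": ["John Smith"], "samaccountname": ["jsmith"]},
    {"dn": "CN=Anna Jones,OU=security,DC=it,DC=example,DC=com",
     "cn": ["Anna Jones"], "samaccountname": ["ajones"]},
    {"dn": "CN=Backup Service,OU=servers,DC=it,DC=example,DC=com",
     "cn": ["Backup Service"], "samaccountname": ["backupsvc"]},
]


def escape_filter_value(value: str) -> str:
    """Escape a value for embedding in an LDAP filter (RFC 4515), so that a
    user-supplied name is compared literally rather than parsed as filter syntax."""
    return "".join("\\%02x" % ord(ch) if ch in "\\*()\x00" else ch for ch in value)


def build_login_filter(access_attribute: str, username: str,
                       base_filter: Optional[str] = None) -> str:
    """Combine the base filter (if any) with the access-attribute match."""
    user_clause = f"({access_attribute}={escape_filter_value(username)})"
    return f"(&{base_filter}{user_clause})" if base_filter else user_clause


def _split_components(body: str) -> List[str]:
    """Split the body of an (&...) filter into its top-level sub-filters."""
    parts, depth, start = [], 0, 0
    for i, ch in enumerate(body):
        if ch == "(":
            if depth == 0:
                start = i
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth == 0:
                parts.append(body[start:i + 1])
    return parts


def _pattern_regex(pattern: str) -> "re.Pattern[str]":
    """Turn an LDAP substring pattern ('*smith', 'j*') into a regex; escaped
    characters (\\2a etc.) are unescaped after splitting so they stay literal."""
    unescape = lambda s: re.sub(r"\\([0-9a-fA-F]{2})",
                                lambda m: chr(int(m.group(1), 16)), s)
    parts = [re.escape(unescape(p)) for p in pattern.split("*")]
    return re.compile("^" + ".*".join(parts) + "$", re.IGNORECASE)


def entry_matches(entry: Dict[str, object], ldap_filter: str) -> bool:
    """Evaluate the subset of filter syntax used here: AND and (attr=pattern)."""
    f = ldap_filter.strip()
    if f.startswith("(&") and f.endswith(")"):
        return all(entry_matches(entry, sub) for sub in _split_components(f[2:-1]))
    m = re.fullmatch(r"\((\w+)=(.*)\)", f)
    if not m:
        raise ValueError(f"unsupported filter: {ldap_filter}")
    attr, pattern = m.group(1).lower(), m.group(2)
    regex = _pattern_regex(pattern)
    return any(regex.match(v) for v in entry.get(attr, []))


def find_login_user(directory, base_dn: str, access_attribute: str,
                    username: str, base_filter: Optional[str] = None) -> Optional[str]:
    """Return the DN of the object that matches the login, None if there is none."""
    ldap_filter = build_login_filter(access_attribute, username, base_filter)
    scope = "," + base_dn.lower()
    hits = [e["dn"] for e in directory
            if str(e["dn"]).lower().endswith(scope) and entry_matches(e, ldap_filter)]
    if len(hits) > 1:
        raise LookupError(f"ambiguous login {username!r}: {hits}")
    return hits[0] if hits else None


if __name__ == "__main__":
    # No base filter: every object under the base DN is checked.
    print(find_login_user(DIRECTORY, BASE_DN, ACCESS_ATTRIBUTE, "ajones"))
    # Base filter (cn=*smith): ajones is no longer eligible, jsmith still is.
    print(find_login_user(DIRECTORY, BASE_DN, ACCESS_ATTRIBUTE, "ajones", BASE_FILTER))
    print(find_login_user(DIRECTORY, BASE_DN, ACCESS_ATTRIBUTE, "jsmith", BASE_FILTER))
    # Outside the base DN: never found, whatever the filter.
    print(find_login_user(DIRECTORY, BASE_DN, ACCESS_ATTRIBUTE, "backupsvc"))
```

Two things the listing makes visible that the prose only implies: objects outside the base DN (here the OU=servers account) can never authenticate regardless of the filter, and a base filter such as (cn=*smith) removes users from consideration before the access attribute is even compared, which is why the guide describes it as restricting the users retrieved from the server. The user name is escaped before it is placed in the filter so that a name containing filter metacharacters is compared literally; a real appliance talks to the directory over LDAP (port 636 in the advanced example) rather than evaluating filters locally as this model does.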
Example: Advanced LDAP Configuration
License: Any
This example illustrates an advanced configuration of an LDAP login authentication object for a 
Microsoft Active Directory Server. The LDAP server in this example has an IP address of 10.11.3.4. The 
connection uses port 636 for access.
This example shows a connection using a base distinguished name of OU=security,DC=it,DC=example,DC=com for the security organization in the information technology domain of the Example company. However, note that this server has a base filter of (cn=*smith). The filter restricts the users retrieved from the server to those with a common name ending in smith