Cisco Cisco Expressway
Field
Description
Usage tips
Port
The IP port to use on the LDAP server.
Typically, non-secure connections use
389 and secure connections use 636.
389 and secure connections use 636.
Encryption
Determines whether the connection to the LDAP
server is encrypted using Transport Layer Security
(TLS).
server is encrypted using Transport Layer Security
(TLS).
TLS: uses TLS encryption for the connection to the
LDAP server.
LDAP server.
Off: no encryption is used.
When TLS is enabled, the LDAP
server’s certificate must be signed by
an authority within the Expressway’s
trusted CA certificates file.
server’s certificate must be signed by
an authority within the Expressway’s
trusted CA certificates file.
Click
Upload a CA certificate file for
TLS
(in the
Related tasks
section) to
go to the
Trusted CA certificate
page.
Certificate
revocation list
(CRL)
checking
revocation list
(CRL)
checking
Specifies whether certificate revocation lists
(CRLs) are checked when forming a TLS
connection with the LDAP server.
(CRLs) are checked when forming a TLS
connection with the LDAP server.
None: no CRL checking is performed.
Peer: only the CRL associated with the CA that
issued the LDAP server's certificate is checked.
issued the LDAP server's certificate is checked.
All: all CRLs in the trusted certificate chain of the
CA that issued the LDAP server's certificate are
checked.
CA that issued the LDAP server's certificate are
checked.
If you are using revocation lists, any
required CRL data must also be
included within the CA certificate file.
required CRL data must also be
included within the CA certificate file.
Bind DN
The distinguished name (case insensitive) used by
the Expressway when binding to the LDAP server.
the Expressway when binding to the LDAP server.
It is important to specify the DN in the order cn=,
then ou=, then dc=
then ou=, then dc=
Any special characters within a name
must be escaped with a backslash as
per the LDAP standard (RFC 4514).
Do not escape the separator character
between names.
must be escaped with a backslash as
per the LDAP standard (RFC 4514).
Do not escape the separator character
between names.
The bind account is usually a read-
only account with no special
privileges.
only account with no special
privileges.
Bind
password
password
The password (case sensitive) used by the
Expressway when binding to the LDAP server.
Expressway when binding to the LDAP server.
The maximum plaintext length is 60
characters, which is then encrypted.
characters, which is then encrypted.
SASL
The SASL (Simple Authentication and Security
Layer) mechanism to use when binding to the
LDAP server.
Layer) mechanism to use when binding to the
LDAP server.
None: no mechanism is used.
DIGEST-MD5: the DIGEST-MD5 mechanism is
used.
used.
Enable Simple Authentication and
Security Layer if it is company policy to
do so.
Security Layer if it is company policy to
do so.
Bind
username
username
Username of the account that the Expressway will
use to log in to the LDAP server (case sensitive).
use to log in to the LDAP server (case sensitive).
Only required if SASL is enabled.
Configure this to be the
sAMAccountName; Security Access
Manager Account Name (in AD this is
the account’s user logon name).
sAMAccountName; Security Access
Manager Account Name (in AD this is
the account’s user logon name).
Base DN for
accounts
accounts
The ou= and dc= definition of the Distinguished
Name where a search for user accounts should
start in the database structure (case insensitive).
Name where a search for user accounts should
start in the database structure (case insensitive).
It is important to specify the DN in the order ou=,
then dc=
then dc=
The Base DN for accounts and groups
must be at or below the dc level
(include all dc= values and ou= values
if necessary). LDAP authentication
does not look into sub dc accounts,
only lower ou= and cn= levels.
must be at or below the dc level
(include all dc= values and ou= values
if necessary). LDAP authentication
does not look into sub dc accounts,
only lower ou= and cn= levels.
Authenticating Expressway Accounts Using LDAP Deployment Guide (X8.1)
Page 6 of 19
Expressway configuration