Cisco Cisco Expressway 관리 매뉴얼
Field
Description
Usage tips
Encryption
Determines whether the connection to the LDAP
server is encrypted using Transport Layer Security
(TLS).
server is encrypted using Transport Layer Security
(TLS).
TLS: uses TLS encryption for the connection to the
LDAP server.
LDAP server.
Off: no encryption is used.
The default is TLS.
When TLS is enabled, the LDAP server’s
certificate must be signed by an authority
within the Expressway’s trusted CA
certificates file.
certificate must be signed by an authority
within the Expressway’s trusted CA
certificates file.
Click
Upload a CA certificate file for
TLS
(in the
Related tasks
section) to go
page.
Certificate
revocation list
(CRL)
checking
revocation list
(CRL)
checking
Specifies whether certificate revocation lists (CRLs)
are checked when forming a TLS connection with
the LDAP server.
are checked when forming a TLS connection with
the LDAP server.
None: no CRL checking is performed.
Peer: only the CRL associated with the CA that
issued the LDAP server's certificate is checked.
issued the LDAP server's certificate is checked.
All: all CRLs in the trusted certificate chain of the CA
that issued the LDAP server's certificate are
checked.
that issued the LDAP server's certificate are
checked.
The default is None.
If you are using revocation lists, any
required CRL data must also be included
within the CA certificate file.
required CRL data must also be included
within the CA certificate file.
Authentication configuration
: this section specifies the Expressway's authentication credentials to use when
binding to the LDAP server.
Bind DN
The distinguished name (case insensitive) used by
the Expressway when binding to the LDAP server.
the Expressway when binding to the LDAP server.
It is important to specify the DN in the order cn=,
then ou=, then dc=
then ou=, then dc=
Any special characters within a name
must be escaped with a backslash as
per the LDAP standard (RFC 4514). Do
not escape the separator character
between names.
must be escaped with a backslash as
per the LDAP standard (RFC 4514). Do
not escape the separator character
between names.
The bind account is usually a read-only
account with no special privileges.
account with no special privileges.
Bind
password
password
The password (case sensitive) used by the
Expressway when binding to the LDAP server.
Expressway when binding to the LDAP server.
The maximum plaintext length is 60
characters, which is then encrypted.
characters, which is then encrypted.
SASL
The SASL (Simple Authentication and Security
Layer) mechanism to use when binding to the LDAP
server.
Layer) mechanism to use when binding to the LDAP
server.
None: no mechanism is used.
DIGEST-MD5: the DIGEST-MD5 mechanism is
used.
used.
The default is DIGEST-MD5.
Enable Simple Authentication and
Security Layer if it is company policy to
do so.
Security Layer if it is company policy to
do so.
Bind
username
username
Username of the account that the Expressway will
use to log in to the LDAP server (case sensitive).
use to log in to the LDAP server (case sensitive).
Only required if SASL is enabled.
Configure this to be the
sAMAccountName; Security Access
Manager Account Name (in AD this is the
account’s user logon name).
sAMAccountName; Security Access
Manager Account Name (in AD this is the
account’s user logon name).
Directory configuration
: this section specifies the base distinguished names to use when searching for account
and group names.
Cisco Expressway Administrator Guide (X8.5.2)
Page 205 of 403
User accounts
Configuring remote account authentication using LDAP