Cisco Clean Access 3.5
6-9
Cisco Clean Access Manager Installation and Administration Guide
OL-7044-01
Chapter 6 User Management: Auth Servers
Configure an Authentication Provider
LDAP
An LDAP auth provider in the Clean Access Manager can be used to authenticate users against a
Microsoft Active Directory server. See
for details.
Note
Cisco Clean Access performs standard search and bind authentication. For LDAP, if Search DN/Search
Password is not specified, anonymous bind is attempted.
Figure 6-6 Add LDAP Auth Server
1. Go to User Management > Auth Servers > New Server.
2. Authentication Type — Choose LDAP from the dropdown menu.
3. Provider Name — Type a unique name for this authentication provider. Enter a meaningful or recognizable name if web login users will be able to select providers from the web login page.
4. Server URL – The URL of the LDAP server, in the form:
ldap://<directory_server_name>:<port_number>
If no port number is specified, 389 is assumed.
5. Server version – The LDAP version. Supported types include Version 2 and Version 3. Leave as Auto (default) to have the server version automatically detected.
6. Search DN – If access to the directory is controlled, enter the LDAP administrator ID used to connect to the server in this field (e.g., cn=jane doe, cn=users, dc=cisco, dc=com).
7. Search Password – The password for the LDAP administrator.
8. Search Base Context – The root of the LDAP tree in which to perform the search for users (e.g., dc=cisco, dc=com).
9. Search Filter – The attribute to be authenticated (e.g., uid=$user$, or sAMAccountName=$user$).
10. Referral – Whether referral entries are managed (in which the LDAP server returns referral entries as ordinary entries) or returned as handles (Handle(Follow)). The default is Manage(Ignore).
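The search and bind sequence that these fields drive can be traced with the following added example, which is not code from Cisco or from this guide. The function names, the host ldap.example.com and the sample user name are hypothetical; escaping the user name per RFC 4515 and rejecting an empty password are checks a careful LDAP client applies, not behavior this guide documents for Clean Access.

```python
from urllib.parse import urlsplit

# RFC 4515 section 3: characters that must be escaped inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}

def escape_filter_value(value):
    return "".join(_ESCAPES.get(ch, ch) for ch in value)

def parse_server_url(url):
    """Split ldap://<directory_server_name>:<port_number>; port defaults to 389."""
    parts = urlsplit(url)
    if parts.scheme != "ldap" or not parts.hostname:
        raise ValueError("expected ldap://<directory_server_name>:<port_number>")
    return parts.hostname, parts.port or 389

def plan_login(cfg, username, password):
    """Return the ordered LDAP operations for one search-and-bind login."""
    if not username or not password:
        # An empty password turns the final simple bind into an unauthenticated
        # bind (RFC 4513 section 5.1.2), which some servers accept as success.
        raise ValueError("empty username or password rejected before any bind")
    host, port = parse_server_url(cfg["server_url"])
    # Assumption: anonymous bind is used unless both Search DN and Search Password are set.
    if cfg.get("search_dn") and cfg.get("search_password"):
        first = ("bind", cfg["search_dn"])
    else:
        first = ("bind", "<anonymous>")
    flt = cfg["search_filter"].replace("$user$", escape_filter_value(username))
    if not flt.startswith("("):
        flt = f"({flt})"  # LDAP filters are parenthesized on the wire
    return [
        ("connect", f"{host}:{port}"),
        first,
        ("search", cfg["search_base"], flt),
        ("bind", "<DN returned by search>"),  # verified with the user's password
    ]

# Constructed sample settings, using the example values from the steps above.
SAMPLE = {
    "server_url": "ldap://ldap.example.com",  # hypothetical host, no port given
    "search_dn": "",
    "search_password": "",
    "search_base": "dc=cisco, dc=com",
    "search_filter": "sAMAccountName=$user$",
}

if __name__ == "__main__":
    for op in plan_login(SAMPLE, "j.doe (temp)*", "constructed-password"):
        print(op)
```

With Search DN left blank, the directory must permit anonymous search under the Search Base Context for step 3 of the plan to return the user's DN.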