Cisco Cisco Expressway Manual De Manutenção
Field
Description
Usage tips
Encryption
Determines whether the connection to the LDAP
server is encrypted using Transport Layer Security
(TLS).
server is encrypted using Transport Layer Security
(TLS).
TLS: uses TLS encryption for the connection to the
LDAP server.
LDAP server.
Off: no encryption is used.
The default is TLS.
When TLS is enabled, the LDAP server’s
certificate must be signed by an authority
within the Expressway’s trusted CA
certificates file.
certificate must be signed by an authority
within the Expressway’s trusted CA
certificates file.
Click Upload a CA certificate file for TLS
(in the Related tasks section) to go to the
Certificate
revocation list
(CRL)
checking
revocation list
(CRL)
checking
Specifies whether certificate revocation lists (CRLs)
are checked when forming a TLS connection with the
LDAP server.
are checked when forming a TLS connection with the
LDAP server.
None: no CRL checking is performed.
Peer: only the CRL associated with the CA that issued
the LDAP server's certificate is checked.
the LDAP server's certificate is checked.
All: all CRLs in the trusted certificate chain of the CA
that issued the LDAP server's certificate are checked.
that issued the LDAP server's certificate are checked.
The default is None.
If you are using revocation lists, any
required CRL data must also be included
within the CA certificate file.
required CRL data must also be included
within the CA certificate file.
Authentication configuration: this section specifies the Expressway's authentication credentials to use when
binding to the LDAP server.
Bind DN
The distinguished name (case insensitive) used by the
Expressway when binding to the LDAP server.
Expressway when binding to the LDAP server.
It is important to specify the DN in the order cn=, then
ou=, then dc=
ou=, then dc=
Any special characters within a name
must be escaped with a backslash as per
the LDAP standard (RFC 4514). Do not
escape the separator character between
names.
must be escaped with a backslash as per
the LDAP standard (RFC 4514). Do not
escape the separator character between
names.
The bind account is usually a read-only
account with no special privileges.
account with no special privileges.
Bind
password
password
The password (case sensitive) used by the
Expressway when binding to the LDAP server.
Expressway when binding to the LDAP server.
The maximum plaintext length is 60
characters, which is then encrypted.
characters, which is then encrypted.
SASL
The SASL (Simple Authentication and Security Layer)
mechanism to use when binding to the LDAP server.
mechanism to use when binding to the LDAP server.
None: no mechanism is used.
DIGEST-MD5: the DIGEST-MD5 mechanism is used.
The default is DIGEST-MD5.
Enable Simple Authentication and
Security Layer if it is company policy to do
so.
Security Layer if it is company policy to do
so.
Bind
username
username
Username of the account that the Expressway will use
to log in to the LDAP server (case sensitive).
to log in to the LDAP server (case sensitive).
Only required if SASL is enabled.
Configure this to be the
sAMAccountName; Security Access
Manager Account Name (in AD this is the
account’s user logon name).
sAMAccountName; Security Access
Manager Account Name (in AD this is the
account’s user logon name).
Directory configuration: this section specifies the base distinguished names to use when searching for account
and group names.
and group names.
184
Cisco Expressway Administrator Guide
User Accounts