Руководство По Обслуживанию для Cisco Cisco Expressway
Error message
Reason / resolution
Invalid bind DN
Check Bind DN; the current value does not describe a valid account in the
LDAP director.
LDAP director.
This failed state may be wrongly reported if the Bind DN is 74 or more
characters in length. To check whether there is a real failure or not, set up
an administrator group on the Expressway using a valid group name. If
Expressway reports “saved” then there is not a problem (the Expressway
checks that it can find the group specified). If it reports that the group
cannot be found then either the Bind DN is wrong, the group is wrong or
one of the other configuration items may be wrong.
characters in length. To check whether there is a real failure or not, set up
an administrator group on the Expressway using a valid group name. If
Expressway reports “saved” then there is not a problem (the Expressway
checks that it can find the group specified). If it reports that the group
cannot be found then either the Bind DN is wrong, the group is wrong or
one of the other configuration items may be wrong.
There is no CA certificate installed
CA certificate, private key and server certificate are required for TLS.
Unable to get configuration
LDAP server information may be missing or incorrect.
Configuring Administrator Groups
The Administrator groups page (Users > Administrator groups) lists all the administrator groups that have been
configured on the Expressway, and lets you add, edit and delete groups.
configured on the Expressway, and lets you add, edit and delete groups.
When you log in to the Expressway web interface, your credentials are authenticated against the remote directory
service and you are assigned the access rights associated with the group to which you belong. If the
administrator account belongs to more than one group, the highest level permission is assigned.
service and you are assigned the access rights associated with the group to which you belong. If the
administrator account belongs to more than one group, the highest level permission is assigned.
The configurable options are:
Field
Description
Usage tips
Name
The name of the administrator group.
It cannot contain any of the following characters:
/ \ [ ] : ; | = , + * ? > < @ "
The group names defined in the Expressway
must match the group names that have been
set up in the remote directory service to
manage administrator access to this
Expressway.
must match the group names that have been
set up in the remote directory service to
manage administrator access to this
Expressway.
Access
level
level
The access level given to members of the administrator
group:
group:
Read-write: allows all configuration information to be
viewed and changed. This provides the same rights as
the default admin account.
viewed and changed. This provides the same rights as
the default admin account.
Read-only: allows status and configuration information
to be viewed only and not changed. Some pages, such
as the Upgrade page, are blocked to read-only
accounts.
to be viewed only and not changed. Some pages, such
as the Upgrade page, are blocked to read-only
accounts.
Auditor: allows access to the Event Log, Configuration
Log, Network Log, Alarms and Overview pages only .
Log, Network Log, Alarms and Overview pages only .
None: no access is allowed.
Default: Read-write
If an administrator belongs to more than one
group, it is assigned the highest level
permission for each of the access settings
across all of the groups to which it belongs
(any groups in a disabled state are ignored).
See
group, it is assigned the highest level
permission for each of the access settings
across all of the groups to which it belongs
(any groups in a disabled state are ignored).
See
below for more information.
186
Cisco Expressway Administrator Guide
User Accounts