
Cisco TelePresence - Page 266

Field: Host name and Domain, or Server address
Description: The way in which the server address is specified depends on the FQDN address resolution setting:
    SRV record: only the Domain portion of the server address is required.
    Address record: enter the Host name and Domain. These are then combined to provide the full server address for the DNS address record lookup.
    IP address: the Server address is entered directly as an IP address.
Usage tips: If using TLS, the address entered here must match the CN (common name) contained within the certificate presented by the LDAP server.

Field: Port
Description: The IP port to use on the LDAP server.
Usage tips: Typically, non-secure connections use 389 and secure connections use 636.

Field: Encryption
Description: Determines whether the connection to the LDAP server is encrypted using Transport Layer Security (TLS).
    TLS: uses TLS encryption for the connection to the LDAP server.
    Off: no encryption is used.
    The default is TLS.
Usage tips: When TLS is enabled, the LDAP server’s certificate must be signed by an authority within the VCS’s trusted CA certificates file. Click Upload a CA certificate file for TLS (in the Related tasks section) to go to the Managing the trusted CA certificate list [p.285] page.

Field: Certificate revocation list (CRL) checking
Description: Specifies whether certificate revocation lists (CRLs) are checked when forming a TLS connection with the LDAP server.
    None: no CRL checking is performed.
    Peer: only the CRL associated with the CA that issued the LDAP server's certificate is checked.
    All: all CRLs in the trusted certificate chain of the CA that issued the LDAP server's certificate are checked.
    The default is None.
Usage tips: If you are using revocation lists, any required CRL data must also be included within the CA certificate file.

Authentication configuration: this section specifies the VCS's authentication credentials to use when binding to the LDAP server.

Field: Bind DN
Description: The distinguished name (case insensitive) used by the VCS when binding to the LDAP server. It is important to specify the DN in the order cn=, then ou=, then dc=
Usage tips: Any special characters within a name must be escaped with a backslash as per the LDAP standard (RFC 4514). Do not escape the separator character between names. The bind account is usually a read-only account with no special privileges.

Field: Bind password
Description: The password (case sensitive) used by the VCS when binding to the LDAP server.
Usage tips: The maximum plaintext length is 60 characters, which is then encrypted.

Field: SASL
Description: The SASL (Simple Authentication and Security Layer) mechanism to use when binding to the LDAP server.
    None: no mechanism is used.
    DIGEST-MD5: the DIGEST-MD5 mechanism is used.
    The default is DIGEST-MD5.
Usage tips: Enable Simple Authentication and Security Layer if it is company policy to do so.
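
The Bind DN rules above (cn=, then ou=, then dc=; special characters in a name escaped per RFC 4514; separator commas left unescaped) can be checked before the value is entered. This is an added example, not code from Cisco or the guide; the function names and the sample names and domain in the tests are hypothetical.

```python
# Added example: bind DN helpers for the "Bind DN" field (not Cisco code).
MUST_ESCAPE = set('"+,;<>\\')          # RFC 4514 section 2.4: escape anywhere
ORDER = {"cn": 0, "ou": 1, "dc": 2}    # order the table asks for

def escape_value(value):
    """Backslash-escape one RDN value per RFC 4514."""
    out = []
    for i, ch in enumerate(value):
        edge_space = ch == " " and i in (0, len(value) - 1)
        if ch == "\x00":
            out.append("\\00")
        elif ch in MUST_ESCAPE or edge_space or (ch == "#" and i == 0):
            out.append("\\" + ch)
        else:
            out.append(ch)
    return "".join(out)

def build_bind_dn(cn, ous, dcs):
    """Join RDNs in cn=, ou=, dc= order; separator commas stay unescaped."""
    rdns = [("cn", cn)] + [("ou", v) for v in ous] + [("dc", v) for v in dcs]
    return ",".join(f"{a}={escape_value(v)}" for a, v in rdns)

def split_rdns(dn):
    """Split on separator commas only, skipping backslash-escaped pairs."""
    parts, cur, i = [], "", 0
    while i < len(dn):
        step = 2 if dn[i] == "\\" and i + 1 < len(dn) else 1
        if step == 1 and dn[i] == ",":
            parts.append(cur)
            cur = ""
        else:
            cur += dn[i:i + step]
        i += step
    return parts + [cur]

def check_bind_dn(dn):
    """Return a list of problems in a bind DN that is already written out."""
    problems, rank = [], -1
    for part in split_rdns(dn):
        attr, sep, _ = part.partition("=")
        attr = attr.strip().lower()      # the DN is case insensitive
        if not sep:
            problems.append(f"{part!r} has no '=': unescaped comma in a name?")
        elif attr in ORDER:
            if ORDER[attr] < rank:
                problems.append(f"{attr}= is out of cn, ou, dc order")
            rank = max(rank, ORDER[attr])
    return problems
```

An empty list from check_bind_dn means the DN follows the ordering and comma-escaping rules; it does not confirm that the account exists on the LDAP server.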
Cisco VCS Administrator Guide (X8.1.1) Page 266 of 507
User accounts
Configuring remote account authentication using LDAP
