https://community.cisco.com/t5/network-access-control/ldap-user-query/m-p/1769011#M214132 <P>Hi, Im currently working on LDAP configuration on ACS for integrating with AD (window 2003) by TACACS+.</P><P>but im really confuse with common LDAP configuration. After configured, Im not able to map into the database, </P><P>'LDAP NOT REACHABLE' - keep getting this message,</P><P></P><P></P><P>this is what i configured, My username is test3</P><P>User directory subtree = dc=terry, o=terry</P><P>Group Directory subtree = ou=users, o=terry</P><P>UserObjectType = test3</P><P>UserObjectClass = user</P><P>GroupObjectType = cn</P><P>GroupObjectClass = groupOfuniqueNAMEs</P><P>GroupAttributeName = uniqueMember</P><P></P><P>Admin DN = uid=test3,ou=members,ou=administrators,o=terry</P><P></P><P>im pretty sure that this isnt rite. can ani one give me a hand for this issue?</P> Mon, 11 Mar 2019 01:26:28 GMT Terry Lee 2019-03-11T01:26:28Z https://community.cisco.com/t5/network-access-control/ldap-user-query/m-p/1769011#M214132 <P>Hi, Im currently working on LDAP configuration on ACS for integrating with AD (window 2003) by TACACS+.</P><P>but im really confuse with common LDAP configuration. After configured, Im not able to map into the database, </P><P>'LDAP NOT REACHABLE' - keep getting this message,</P><P></P><P></P><P>this is what i configured, My username is test3</P><P>User directory subtree = dc=terry, o=terry</P><P>Group Directory subtree = ou=users, o=terry</P><P>UserObjectType = test3</P><P>UserObjectClass = user</P><P>GroupObjectType = cn</P><P>GroupObjectClass = groupOfuniqueNAMEs</P><P>GroupAttributeName = uniqueMember</P><P></P><P>Admin DN = uid=test3,ou=members,ou=administrators,o=terry</P><P></P><P>im pretty sure that this isnt rite. can ani one give me a hand for this issue?</P> Mon, 11 Mar 2019 01:26:28 GMT https://community.cisco.com/t5/network-access-control/ldap-user-query/m-p/1769011#M214132 Terry Lee 2019-03-11T01:26:28Z https://community.cisco.com/t5/network-access-control/ldap-user-query/m-p/1769012#M214133 <HTML><HEAD></HEAD><BODY><P>with AD, usually the userobjectclass is "Person".</P><P>The userobjecttyp would be "cn" if "test3" is the value of the cn field for your user.</P><P>it's very confusing why your user subtree is supposed to be "dc=terry, o=terry" and you state the the user DN doesn't contain "dc" ...</P><P></P><P>I would advise you to take an LDAP browser like Softterra's and browse your AD, you will see the attributes and types of each folder etc ... and it should be clearer for you</P></BODY></HTML> Fri, 30 Sep 2011 07:02:46 GMT https://community.cisco.com/t5/network-access-control/ldap-user-query/m-p/1769012#M214133 Nicolas Darchis 2011-09-30T07:02:46Z