

ACS 5.2 and non-AD LDAP

I must be stupid.

I have an external LDAP server (like OpenLDAP, but it is an old Netscape one).

I can't authenticate against it. I can anonymous bind against it, but that is it.

I don't want groups or any attributes. I simply want to say user X, password Y, authenticate.

Any time I test anything, it seems to go out to lunch.

Does anyone have an example of this? What I am actually doing is authenticating PEAP-GTC for a wireless network. I can get the request to the correct external user store, but from there it doesn't work.

I can probably translate an OpenLDAP example. The LDAP works fine against, say, Apache authentication, so it is not so weird.

michael mearlon


I wish I could help, but I haven't got to the wireless part yet. I just got the hardwire to work. I used a certificate created by the ACS certificate signing and had the cert created by our in-house CA. I'm still trying to understand how all this works, but did you look at the monitoring logs on your failed authentication attempts? It should give you some details. Is your ACS even able to pass authentication back to the LDAP to verify the client?

good luck:

Sent from Cisco Technical Support iPad App



Well, I got it to work.

It was either a CA cert that was wrong, or a reboot that cleared the LDAP connections. Once I tested with a simple 389 server and authenticated, I could see what is supposed to be returned, and my settings were correct. I redid it with LDAPS, and it worked.

I was then able to get both authenticated and unauthenticated to work, and then the whole thing to work.

So either the LDAP connection was hung, or the cert was wrong. When I hit the test button, either should have spit up some relevant debug stuff ("Connection could not be started") or ("SSL connection could not be initiated"), but it just went out to lunch. So I believe something was hung up in the box itself.
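The follow-up above resolved the problem by testing the LDAP server on its own, first over plain LDAP and then over LDAPS with the CA cert, and watching what the server actually returns. The script below is an added example of doing that check independently of ACS; it is not code from the thread, from Cisco ACS or from any LDAP library. It hand-encodes an LDAPv3 simple BindRequest (anonymous when DN and password are empty, otherwise user X / password Y) and decodes the BindResponse, so the result code (0 = success, 49 = invalidCredentials, and so on) is visible rather than hidden behind a hung test button. The hostname, port, CA file path and user DN in `__main__` are assumptions to replace with your own.

```python
"""Minimal LDAPv3 simple bind over LDAP/LDAPS for checking a directory server
independently of ACS.  Added example; the host, port, CA file and DNs are
assumptions, not values from the thread."""
import socket
import ssl


def ber_len(n: int) -> bytes:
    """BER length octets: short form below 128, long form above."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def ber_tlv(tag: int, body: bytes) -> bytes:
    return bytes([tag]) + ber_len(len(body)) + body


def ber_int(n: int) -> bytes:
    """INTEGER in minimal two's-complement form (only non-negative used here)."""
    return ber_tlv(0x02, n.to_bytes(max(1, (n.bit_length() + 8) // 8), "big", signed=True))


def ber_read(buf: bytes, pos: int = 0):
    """Decode one TLV starting at pos; return (tag, value, position after it)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long-form length
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def bind_request(message_id: int, dn: str, password: str) -> bytes:
    """LDAPMessage { messageID, [APPLICATION 0] BindRequest { version 3, name,
    simple [0] password } }.  Empty dn and password make an anonymous bind."""
    bind = ber_int(3) + ber_tlv(0x04, dn.encode()) + ber_tlv(0x80, password.encode())
    return ber_tlv(0x30, ber_int(message_id) + ber_tlv(0x60, bind))


RESULT_CODES = {0: "success", 8: "strongerAuthRequired", 32: "noSuchObject",
                34: "invalidDNSyntax", 48: "inappropriateAuthentication",
                49: "invalidCredentials", 50: "insufficientAccessRights",
                53: "unwillingToPerform"}


def parse_bind_response(data: bytes) -> dict:
    """Extract messageID, resultCode and diagnosticMessage from a BindResponse."""
    tag, msg, _ = ber_read(data)
    if tag != 0x30:
        raise ValueError("not an LDAPMessage")
    _, mid, pos = ber_read(msg)
    op_tag, op, _ = ber_read(msg, pos)
    if op_tag != 0x61:                      # [APPLICATION 1] BindResponse
        raise ValueError("not a BindResponse (tag 0x%02x)" % op_tag)
    _, code, pos = ber_read(op)             # ENUMERATED resultCode
    _, _matched, pos = ber_read(op, pos)    # matchedDN (unused here)
    _, diag, _ = ber_read(op, pos)          # diagnosticMessage
    rc = int.from_bytes(code, "big")
    return {"message_id": int.from_bytes(mid, "big"), "result_code": rc,
            "result": RESULT_CODES.get(rc, "code %d" % rc),
            "diagnostic": diag.decode("utf-8", "replace")}


def ldap_bind(host, port, dn, password, cafile=None, ldaps=True, timeout=5.0) -> dict:
    """Connect, bind and return the parsed BindResponse.  With ldaps=True the
    server certificate must chain to cafile (or the system trust store) and
    match host: a wrong CA cert fails loudly with ssl.SSLCertVerificationError,
    and a server that never answers raises socket.timeout instead of hanging."""
    sock = socket.create_connection((host, port), timeout=timeout)
    if ldaps:
        ctx = ssl.create_default_context(cafile=cafile)
        sock = ctx.wrap_socket(sock, server_hostname=host)
    with sock:
        sock.sendall(bind_request(1, dn, password))
        reply = sock.recv(4096)             # a BindResponse fits in one read
    return parse_bind_response(reply)


if __name__ == "__main__":
    # Assumed values: substitute your directory server, in-house CA cert and test user.
    HOST, PORT, CA = "ldap.example.com", 636, "/etc/ssl/certs/inhouse-ca.pem"
    print("anonymous:", ldap_bind(HOST, PORT, "", "", cafile=CA))
    print("user:", ldap_bind(HOST, PORT, "uid=jdoe,ou=people,dc=example,dc=com",
                             "wrong-password", cafile=CA))
```

Run the anonymous bind first (it should return `success`), then the user bind with a deliberately wrong password (it should return `invalidCredentials` promptly). If the LDAPS variant instead raises a certificate error, the CA cert loaded into the authenticator is the problem; if it times out, the server or the network path is, which is the distinction the ACS test button did not surface in the thread.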
