1223 Views, 5 Helpful, 3 Replies
palonso_3
Beginner

External Identity Source - LDAP Admin DN account

Hi,

I have a doubt about what information to put in the Admin DN field when we are defining an LDAP external identity store.

For example: the objects in the identity store are in the route: CN=NAC,DC=ds,DC=corp

The Admin DN account that I should put to configure and bind the connection has to be mandatorily an admin account of that domain, or I could put another account from another domain, but where the user defined on the server has read privileges at least to get the groups and subjects.

With this configuration, the bind is successful. The question

Thanks and kind regards

3 REPLIES
vibobrov
Cisco Employee

It does not need to be an admin account. Since you're going against Active Directory, you don't need to spell out the full DN. You can specify domain\username as well.

Hi Viktor,

Thanks for your reply. So, as far as I understand you, I could put a username from another domain (different from ds.corp), in the form DOMAIN\username, if this username is allowed to ask the LDAP server and get the information.

Is that correct?

Thanks and regards

Yes, that's correct. I've seen some instances when you need to specify the domain even when you're querying the domain controller from that domain, so it's safest to specify the domain.
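
The ways of writing the bind account that come up in this thread (a full DN, DOMAIN\username, a name with no domain), plus the UPN form Active Directory also accepts, can be told apart and compared with the search base before the value is saved. This is an added example, not part of the thread or of ISE; the account names `svc-ise`, `OTHER` and `other.corp` are constructed, and matching a NetBIOS domain name to the first DNS label is an assumption.

```python
import re

def _rdns(dn):
    """Split a DN on commas that are not backslash-escaped."""
    return [p.strip() for p in re.split(r"(?<!\\),", dn) if p.strip()]

def dn_domain(dn):
    """DNS domain implied by the DC= components, e.g. DC=ds,DC=corp -> ds.corp."""
    dcs = [p[3:].lower() for p in _rdns(dn) if p[:3].upper() == "DC="]
    return ".".join(dcs) or None

def classify_bind_identity(value):
    """Return (form, domain, user) for a value typed into the Admin DN field."""
    value = value.strip()
    rdns = _rdns(value)
    if rdns and re.match(r"^[A-Za-z]+=", rdns[0]):
        return "dn", dn_domain(value), rdns[0].split("=", 1)[1]
    if "\\" in value:                      # DOMAIN\username
        domain, user = value.split("\\", 1)
        return "downlevel", domain.lower(), user
    if "@" in value:                       # username@domain (UPN)
        user, domain = value.rsplit("@", 1)
        return "upn", domain.lower(), user
    return "bare", None, value             # no domain stated at all

def review_admin_dn(value, search_base):
    """Compare the bind identity's domain with the domain of the search base."""
    form, domain, user = classify_bind_identity(value)
    base = dn_domain(search_base)
    if domain is None or base is None:
        same = None                        # nothing to compare
    elif form == "downlevel":
        # Assumption: NetBIOS name equals the first DNS label (common, not guaranteed).
        same = domain == base.split(".")[0]
    else:
        same = domain == base
    return {"form": form, "user": user, "domain": domain,
            "domain_stated": domain is not None, "same_domain_as_base": same}

if __name__ == "__main__":
    base = "CN=NAC,DC=ds,DC=corp"          # search base from the question
    # Constructed candidate values for the Admin DN field.
    for candidate in ("CN=svc-ise,CN=Users,DC=ds,DC=corp", "OTHER\\svc-ise",
                      "svc-ise@other.corp", "svc-ise"):
        print(candidate, "->", review_admin_dn(candidate, base))
```

A result with `domain_stated` false is the case the accepted answer recommends avoiding; `same_domain_as_base` false only marks a cross-domain bind account, which the thread confirms is allowed when the account can read the directory.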
