01-14-2021 01:50 AM - last edited on 03-09-2022 11:09 PM by smallbusiness
Hi Everyone,
I have successfully configured an LDAPS binding between Cisco ISE and Google LDAPS (available with Cloud Identity Premium) and I can retrieve users and groups (needed custom schema settings). I was able to do that only by using a Linux server with stunnel to proxy the connection.
Is there a chance to connect to Google LDAPS directly from Cisco ISE? What seems to be the issue is the lack of support for LDAP authentication via certificate, as it is a Google LDAPS requirement.
Thank you!
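The stunnel setup described above, as an added example (not configuration from the original post): two chained stunnel services on the Linux proxy, so the ISE side stays LDAPS and only the Google side presents the client certificate that ISE cannot send itself. Hostnames other than ldap.google.com, file paths, and the internal-CA-issued proxy certificate are assumptions.

```ini
; Global options (paths are assumptions for a Debian/Ubuntu stunnel4 install)
setuid = stunnel4
setgid = stunnel4
pid = /var/run/stunnel4/stunnel.pid
foreground = no
debug = 5
output = /var/log/stunnel4/ldap-proxy.log

; Leg 1: ISE -> proxy. Server mode: ISE binds with LDAPS to this host,
; so no plaintext LDAP crosses the network. proxy.pem holds the proxy's
; own certificate and key (issued by an internal CA that ISE trusts; assumed).
[ise-ldaps-in]
client = no
accept = 0.0.0.0:636
connect = 127.0.0.1:1636
cert = /etc/stunnel/proxy.pem

; Leg 2: proxy -> Google. Client mode: stunnel presents the Google-issued
; LDAP client certificate on the outbound TLS session. Only loopback
; listens here, so the plaintext hop never leaves the box.
[google-ldaps-out]
client = yes
accept = 127.0.0.1:1636
connect = ldap.google.com:636
cert = /etc/stunnel/google-ldap-client.crt
key = /etc/stunnel/google-ldap-client.key
; Verify Google's server certificate and hostname; stunnel does not verify
; the far end by default, so without these lines any certificate is accepted.
verifyChain = yes
CAfile = /etc/ssl/certs/ca-certificates.crt
checkHost = ldap.google.com
```

ISE is then pointed at the proxy host on port 636 as an LDAPS server, with the internal CA that issued proxy.pem imported into ISE's trusted certificates.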
01-14-2021 01:57 PM
Additionally, I have been working on creating an authorization flow that would match group membership from Google LDAP after fetching the username from a user certificate where the CN is the email of the user.
So far I have been unable to get the External LDAP groups.
Thinking it was a problem with subject format, I tried with a dummy PAP authentication against the Google LDAP identity store, and I could authenticate and retrieve extra attributes, but there was no way I could retrieve group membership.
Also, I tried adding "memberOf" as an additional attribute in the LDAP connector in ISE, and when I can process the authentication with PAP I can also retrieve data from these attributes, but in wireless EAP-TLS there is no chance to go through the authentication flow (no binary comparison available for certs, since Google LDAP hosts no user certificate...), and so I cannot retrieve any attribute to use in the authorization flow.
Long story, but was anyone able to make this work or does anyone have any suggestions?