ISE 3.0.0.458 p#1 and Google LDAPS

Hi Everyone,

I have successfully configured an LDAPS binding between Cisco ISE and Google LDAPS (available with Cloud Identity Premium) and I can retrieve users and groups (needed custom schema settings). I was able to do that only by using a Linux server with stunnel to proxy the connection.

Is there a chance to connect to Google LDAPS directly from Cisco ISE? What seems to be the issue is the lack of support for LDAP authentication via certificate, as it is a Google LDAPS requirement.

Thank you!

1 REPLY

Additionally, I have been working on creating an authorization flow that would match group membership from Google LDAP after fetching the username from a user certificate where the CN is the email of the user.

So far I have been unable to get the External LDAP groups.

Thinking it was a problem with subject format, I tried with a dummy PAP authentication against the Google LDAP identity store, and I could authenticate and retrieve extra attributes, but there was no way I could retrieve group membership.

Also, I tried adding "memberOf" as an additional attribute in the LDAP connector in ISE, and when I can process the authentication with PAP I can also retrieve data from these attributes, but in wireless EAP-TLS there is no chance to go through the authentication flow (no binary comparison available for certs, since Google LDAP hosts no user certificates...), and so I cannot retrieve any attribute to use in the authorization flow.

Long story short: was anyone able to make this work, or does anyone have any suggestions?
