07-03-2013 04:12 AM - edited 03-10-2019 08:36 PM
Hello,
I have a question about the LDAP integration with the ISE:
Since the ISE has a limitation of reading only 100 groups, I cannot find the groups that I need to use in the authorization, and the ISE also cannot find a group if I search for it directly.
What I mean here is that I can fetch the first 100 groups from the top of the directory, but when I search, for example, for any group (whether it appears on the list or not), the ISE did not find it.
I even tried to change the base DN and the search DN, but without luck.
The ISE version is 1.1.4 installed on a VM and the LDAP schema is AD.
Is there any missing information/tips required in such integration?
07-03-2013 05:54 AM
hi,
as far as I know this limitation is regarding the window where it is displayed.
If you use the "filter" option, using for example
*User*
you will see that you can read all the groups with the name containing that word.
I have a deployment where there are a few hundreds of AD groups and still can filter whatever I want.
regards
07-03-2013 08:23 PM
Hello,
I found a Cisco doc that provides resolution of Key Features of Integration of Cisco ISE and LDAP. I hope this helps!
This section contains the following:
• Group Membership Information Retrieval
http://www.cisco.com/en/US/docs/security/ise/1.0/user_guide/ise10_man_id_stores.html#wp1059913