LDAP user query

Terry Lee · ‎09-29-2011

Hi, Im currently working on LDAP configuration on ACS for integrating with AD (window 2003) by TACACS+.

but im really confuse with common LDAP configuration. After configured, Im not able to map into the database,

'LDAP NOT REACHABLE' - keep getting this message,

this is what i configured, My username is test3

User directory subtree = dc=terry, o=terry

Group Directory subtree = ou=users, o=terry

UserObjectType = test3

UserObjectClass = user

GroupObjectType = cn

GroupObjectClass = groupOfuniqueNAMEs

GroupAttributeName = uniqueMember

Admin DN = uid=test3,ou=members,ou=administrators,o=terry

im pretty sure that this isnt rite. can ani one give me a hand for this issue?

Nicolas Darchis · ‎09-30-2011

with AD, usually the userobjectclass is "Person".

The userobjecttyp would be "cn" if "test3" is the value of the cn field for your user.

it's very confusing why your user subtree is supposed to be "dc=terry, o=terry" and you state the the user DN doesn't contain "dc" ...

I would advise you to take an LDAP browser like Softterra's and browse your AD, you will see the attributes and types of each folder etc ... and it should be clearer for you