jgoethals
Beginner

OpenLDAP Cisco ISE 1.2

Is OpenLDAP supported by Cisco ISE 1.2?

When I try "Test bind to server" I get results, so the connection seems fine. However, when I set up the policies for a basic WLAN with WPA2 authentication it says "Invalid password". When I put my username in the attributes folder it finds my ID, so I'm sure the link is working fine.


Accepted Solution
Marcin Latosiewicz
Cisco Employee

Jeroen,

Have a look at the support matrix:

http://www.cisco.com/en/US/docs/security/ise/1.2/user_guide/ise_man_id_stores.html#wp1346303

If you're using (any) LDAP + PEAP-MSCHAP, which is what people want to do quite often ... it's not going to work.

M.


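The reason behind the answer above, as an added example that is not part of the original thread or of ISE: in the linked ISE 1.2 identity-store matrix an LDAP store is listed for PAP/ASCII, EAP-GTC, EAP-TLS and for PEAP/EAP-FAST with an EAP-GTC or TLS inner method, but not for CHAP, EAP-MD5 or MS-CHAPv1/v2 (so not for PEAP-MSCHAPv2). All of the unsupported methods are challenge/response methods in which the RADIUS server has to recompute the client's response from a stored secret or password-equivalent; a directory that only offers a simple bind gives the server neither. The constructed code below acts that out with CHAP (RFC 1994), whose response is a single MD5, because the data dependency is the same one MS-CHAPv2 has on the NT hash. The store classes, user names and passwords are made up for the illustration.

```python
"""Why a bind-only LDAP store verifies PAP/EAP-GTC but cannot verify CHAP-family
methods (CHAP, EAP-MD5, MS-CHAPv1/v2, PEAP-MSCHAPv2). Illustrative code only;
the stores are constructed stand-ins, not ISE or OpenLDAP code."""
import hashlib
import os
import secrets


class BindOnlyDirectory:
    """Stand-in for an OpenLDAP server: salted SHA-1 userPassword, simple bind only."""

    def __init__(self, users):
        self._entries = {}
        for uid, cleartext in users.items():
            salt = os.urandom(8)
            digest = hashlib.sha1(cleartext.encode("utf-8") + salt).digest()
            self._entries[uid] = (salt, digest)

    def simple_bind(self, uid, password):
        """True if the directory accepts the cleartext password for uid."""
        entry = self._entries.get(uid)
        if entry is None:
            return False
        salt, digest = entry
        candidate = hashlib.sha1(password.encode("utf-8") + salt).digest()
        return secrets.compare_digest(candidate, digest)

    def cleartext_for(self, uid):
        """A directory does not hand out the secret: there is nothing to return."""
        raise LookupError("bind-only store holds no recoverable secret for %r" % uid)


class InternalUserStore:
    """Stand-in for a store that keeps a password-equivalent the server can read."""

    def __init__(self, users):
        self._users = dict(users)

    def simple_bind(self, uid, password):
        stored = self._users.get(uid, "")
        return secrets.compare_digest(stored.encode("utf-8"), password.encode("utf-8"))

    def cleartext_for(self, uid):
        return self._users[uid]


def chap_response(chap_id, secret, challenge):
    """RFC 1994 CHAP: Response = MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([chap_id]) + secret.encode("utf-8") + challenge).digest()


def authenticate_pap(store, uid, password):
    """PAP / ASCII / EAP-GTC: the server received the cleartext, so it can just bind."""
    return store.simple_bind(uid, password)


def authenticate_chap(store, uid, chap_id, challenge, response):
    """True/False on a store that can verify; None when the store cannot supply the
    secret needed to recompute the response (ISE's position with LDAP + MS-CHAPv2)."""
    try:
        secret = store.cleartext_for(uid)
    except LookupError:
        return None
    expected = chap_response(chap_id, secret, challenge)
    return secrets.compare_digest(expected, response)


def demo():
    """Run both methods against both stores and return the four outcomes."""
    users = {"jgoethals": "correct horse"}  # constructed sample user
    ldap = BindOnlyDirectory(users)
    internal = InternalUserStore(users)

    challenge = os.urandom(16)
    chap_id = 7
    # The supplicant knows the cleartext and computes the response itself.
    response = chap_response(chap_id, users["jgoethals"], challenge)

    return {
        "pap_vs_ldap": authenticate_pap(ldap, "jgoethals", "correct horse"),
        "pap_vs_ldap_wrong": authenticate_pap(ldap, "jgoethals", "wrong"),
        "chap_vs_internal": authenticate_chap(internal, "jgoethals", chap_id, challenge, response),
        "chap_vs_ldap": authenticate_chap(ldap, "jgoethals", chap_id, challenge, response),
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```

The practical consequence for the original question is that the "Invalid password" message is misleading: the bind test succeeds because ISE does have the cleartext at that moment, while a PEAP-MSCHAPv2 session never hands ISE anything it can take to the directory. Fixing it means changing the allowed protocols and the supplicant's inner method (for example PEAP with EAP-GTC, or EAP-TLS), or moving the users to a store that holds a password-equivalent ISE can read.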
4 Replies

The protocol was wrong. After changing the protocols, the LDAP connection worked. Thanks.

Hi Jeroen,

We are using Zentyal, which is based on OpenLDAP. We can connect to the LDAP, but we are forced to use a third-party supplicant on wireless. How is your setup, and what supplicant are you using?

aqjaved
Participant

Cisco ISE always uses the primary LDAP server to obtain groups and attributes for use in authorization policies from the Admin portal, so the primary LDAP server must be accessible when you configure these items. Cisco ISE uses the secondary LDAP server only for authentications and authorizations at run time, according to the failover configuration.

Cisco ISE retains a list of open LDAP connections (including the binding information) for each LDAP server that is configured in Cisco ISE. During the authentication process, the connection manager attempts to find an open connection from the pool. If an open connection does not exist, a new one is opened.

If the LDAP server closed the connection, the connection manager reports an error during the first call to search the directory and tries to renew the connection. After the authentication process is complete, the connection manager releases the connection.

Please check the link below, which may be helpful for you:

http://www.cisco.com/en/US/docs/security/ise/1.2/user_guide/ise_ui_reference_administration.html#wpxref71565

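The pooling, renewal and failover behaviour described in the reply above, acted out in code as an added example (this is illustrative code written for this page, not ISE's implementation). The servers and connections are constructed fakes with no network I/O, the host names and the user entry are made up, and "authentication" is simplified to a search plus a password comparison so the connection handling stays in focus.

```python
"""Constructed model of the described LDAP connection manager: pooled connections
per server, renew-on-stale with an error report, release after use, run-time
failover to the secondary, and admin-time group lookups pinned to the primary."""
import collections


class LdapServerDown(Exception):
    """Raised when a server refuses new connections."""


class FakeLdapConnection:
    """Stand-in for a bound LDAP connection (no network)."""

    def __init__(self, server):
        self.server = server
        self.closed_by_server = False

    def search(self, uid):
        if self.closed_by_server:
            raise ConnectionResetError("peer closed connection")
        return self.server.entries.get(uid)


class FakeLdapServer:
    """Stand-in for an LDAP server; tracks how many connections were opened."""

    def __init__(self, host, entries, up=True):
        self.host, self.entries, self.up = host, entries, up
        self.connect_count = 0
        self.open_connections = []

    def connect(self):
        if not self.up:
            raise LdapServerDown(self.host)
        self.connect_count += 1
        conn = FakeLdapConnection(self)
        self.open_connections.append(conn)
        return conn

    def close_all(self):
        """Simulate an idle timeout: the server drops every open connection."""
        for conn in self.open_connections:
            conn.closed_by_server = True


class LdapConnectionManager:
    def __init__(self, primary, secondary):
        self.primary, self.secondary = primary, secondary
        self._pool = {primary.host: collections.deque(), secondary.host: collections.deque()}
        self.errors = []

    def _acquire(self, server):
        pool = self._pool[server.host]
        return pool.popleft() if pool else server.connect()  # reuse, else open a new one

    def _search(self, server, uid):
        conn = self._acquire(server)
        try:
            entry = conn.search(uid)
        except ConnectionResetError as exc:
            # Server closed a pooled connection: report on the first search, renew once.
            self.errors.append(f"{server.host}: {exc}; renewing connection")
            conn = server.connect()  # LdapServerDown propagates; stale conn is discarded
            entry = conn.search(uid)
        self._pool[server.host].append(conn)  # release back to the pool when done
        return entry

    def authenticate(self, uid, password):
        """Run-time path: primary first, secondary only on failover."""
        for server in (self.primary, self.secondary):
            try:
                entry = self._search(server, uid)
            except LdapServerDown:
                continue
            ok = entry is not None and entry["userPassword"] == password
            return ok, server.host
        raise LdapServerDown("neither LDAP server reachable")

    def fetch_groups(self, uid):
        """Admin-portal path: groups and attributes always come from the primary."""
        entry = self._search(self.primary, uid)
        return entry["memberOf"] if entry else []


def scenario():
    """Walk through the described behaviours and return what was observed."""
    entries = {"jgoethals": {"userPassword": "correct horse", "memberOf": ["wlan-users"]}}
    primary = FakeLdapServer("ldap1.example.net", entries)
    secondary = FakeLdapServer("ldap2.example.net", entries)
    mgr = LdapConnectionManager(primary, secondary)
    out = {}
    mgr.authenticate("jgoethals", "correct horse")
    mgr.authenticate("jgoethals", "correct horse")
    out["connects_after_two_auths"] = primary.connect_count      # pooled connection reused
    primary.close_all()
    out["auth_after_server_close"] = mgr.authenticate("jgoethals", "correct horse")
    out["errors_after_renew"] = len(mgr.errors)
    out["connects_after_renew"] = primary.connect_count
    out["groups_primary_up"] = mgr.fetch_groups("jgoethals")
    primary.up = False
    primary.close_all()
    out["auth_with_primary_down"] = mgr.authenticate("jgoethals", "correct horse")
    try:
        mgr.fetch_groups("jgoethals")
        out["groups_primary_down"] = "unexpected success"
    except LdapServerDown:
        out["groups_primary_down"] = "primary unreachable"
    return out


if __name__ == "__main__":
    for key, value in scenario().items():
        print(key, value)
```

The scenario shows the two operational consequences of the reply: a server-side idle timeout costs one reported error and one reconnect rather than a failed authentication, and a primary outage is survivable for run-time authentication but not for editing groups or attributes in the Admin portal.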