OpenLdap Cisco ISE 1.2

jgoethals
Level 1

Is OpenLdap supported by Cisco ISE 1.2?

When I try "Test bind to server" I get results, so the connection seems fine. However, when I set up the policies for a basic WLAN with WPA2 authentication, it says "Invalid password". When I put my username in the attributes folder it finds my ID, so I'm sure the link is working fine.

Accepted Solution

Marcin Latosiewicz
Cisco Employee

Jeroen,

Have a look at the support matrix:

http://www.cisco.com/en/US/docs/security/ise/1.2/user_guide/ise_man_id_stores.html#wp1346303

If you're using (any) LDAP + PEAP-MSCHAP, which is what people want to do quite often ... it's not going to work.

M.

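To show why the accepted answer holds, an added example (not from this thread or from Cisco): a bind-only identity store, which is how ISE talks to OpenLDAP, can confirm a plaintext password but cannot verify a challenge/response proof, because that check needs the password hash on the server side. The real MS-CHAPv2 construction (MD4 and DES) is replaced by an HMAC-SHA256 stand-in, and the directory entry, user name and class names are constructed for the example.

```python
import hashlib
import hmac

# Constructed sample directory (not real credentials): the store can say
# whether a plaintext password is right, but never hands out the secret.
DIRECTORY = {"jeroen": "correct horse battery staple"}


class BindOnlyStore:
    """An LDAP identity store as ISE uses it: simple bind, nothing else."""

    def bind(self, user: str, password: str) -> bool:
        return DIRECTORY.get(user) == password

    def password_hash(self, user: str) -> bytes:
        # OpenLDAP will not return the password or its NT hash to ISE;
        # modelled here as an explicit refusal.
        raise PermissionError("store exposes no password material")


class HashStore(BindOnlyStore):
    """A store that can supply a password hash (Active Directory does this)."""

    def password_hash(self, user: str) -> bytes:
        return hashlib.sha256(DIRECTORY[user].encode()).digest()


def client_response(password: str, challenge: bytes) -> bytes:
    """Stand-in for the MS-CHAPv2 response: an HMAC keyed by a hash of the
    password, so the password itself never leaves the supplicant."""
    key = hashlib.sha256(password.encode()).digest()
    return hmac.new(key, challenge, hashlib.sha256).digest()


def verify_pap(store: BindOnlyStore, user: str, password: str) -> bool:
    """PAP or EAP-GTC inside the TLS tunnel: ISE sees the plaintext and binds."""
    return store.bind(user, password)


def verify_challenge_response(store: BindOnlyStore, user: str,
                              challenge: bytes, response: bytes) -> bool:
    """MS-CHAPv2-style check: ISE must recompute the proof from the stored
    hash; a bind-only store cannot provide it, so the attempt is rejected
    even when the supplicant used the right password."""
    try:
        key = store.password_hash(user)
    except PermissionError:
        return False
    expected = hmac.new(key, challenge, hashlib.sha256).digest()
    return hmac.compare_digest(expected, response)
```

The bind-only path succeeds for PAP/GTC and fails for the challenge/response path regardless of the password, which is the "Invalid password" symptom from the question.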

4 Replies

The protocol was wrong. After changing the protocols, the LDAP connection worked. Thanks.

Hi Jeroen,

We are using Zentyal, which is based on OpenLDAP. We can connect to the LDAP server, but we are forced to use a third-party supplicant on wireless. How is your setup, and what supplicant are you using?

aqjaved
Level 3
Cisco ISE always uses the primary LDAP server to obtain groups and attributes for use in authorization policies from the Admin portal, so the primary LDAP server must be accessible when you configure these items. Cisco ISE uses the secondary LDAP server only for authentications and authorizations at run time, according to the failover configuration.

Cisco ISE retains a list of open LDAP connections (including the binding information) for each LDAP server that is configured in Cisco ISE. During the authentication process, the connection manager attempts to find an open connection from the pool. If an open connection does not exist, a new one is opened.

If the LDAP server closed the connection, the connection manager reports an error during the first call to search the directory, and tries to renew the connection. After the authentication process is complete, the connection manager releases the connection.

Please check the link below, which can be helpful for you:

http://www.cisco.com/en/US/docs/security/ise/1.2/user_guide/ise_ui_reference_administration.html#wpxref71565
