cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1757
Views
5
Helpful
4
Replies

OpenLdap Cisco ISE 1.2

jgoethals
Beginner
Beginner

Is OpenLdap supported by Cisco ISE 1.2?

When I try "Test bind to server" I get results so the connection seems fine. However when I set up the policies for a basic wlan with wpa2 authentication it says "Invalid password". When I put my username in the attributes folder it finds my id so I'm sure the link is working fine.

ldap.png

1 Accepted Solution

Accepted Solutions

Marcin Latosiewicz
Cisco Employee
Cisco Employee

Jeroen,

Have a look at the support matrix:

http://www.cisco.com/en/US/docs/security/ise/1.2/user_guide/ise_man_id_stores.html#wp1346303

If you're using (any) LDAP + PEAP-MSCHAP, which is what people want to do quite often ... it's not going to work.

M.

View solution in original post

4 Replies 4

Marcin Latosiewicz
Cisco Employee
Cisco Employee

Jeroen,

Have a look at the support matrix:

http://www.cisco.com/en/US/docs/security/ise/1.2/user_guide/ise_man_id_stores.html#wp1346303

If you're using (any) LDAP + PEAP-MSCHAP, which is what people want to do quite often ... it's not going to work.

M.

The protocol was wrong. After changing the protocols the ldap connection worked. Thanks

Hi Jeroen,

We are using Zentyal which is based on OpenLDAP. We can connect to the LDAP but we are forced to use a 3rd party supplicant on wireless. How is your setup and what supplicant are you using?

aqjaved
Participant
Participant
Cisco ISE always uses the primary LDAP  server to obtain groups and attributes for use in authorization policies  from the Admin portal, so the  primary LDAP server must be accessible when you configure these items.  Cisco ISE uses the secondary LDAP server only for authentications and  authorizations at run time, according to the failover configuration. 

Cisco ISE retains a list of  open LDAP connections (including the binding information) for each LDAP  server that is configured in Cisco  ISE. During the authentication process, the connection manager attempts  to find an open connection from the pool. If an open connection does not  exist, a new one is opened.

If the LDAP server closed the  connection, the connection manager reports an error during the first  call to search the directory, and tries to renew the connection. After  the authentication process is complete, the connection manager releases  the connection.

Please check the  below link which can helpful for you:

http://www.cisco.com/en/US/docs/security/ise/1.2/user_guide/ise_ui_reference_administration.html#wpxref71565

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers