12-19-2006 06:34 AM
In CiscoWorks version 2.6 I am trying to get the local user and the AD user ID to work together to allow me to give the AD user permissions. The distinguished name format (lastname\, firstname) is not allowed as a local user. Is there any way to change what LDAP field it is using for the login name?
12-19-2006 11:24 AM
You can specify an alternate Prefix when configuring your AD settings in LMS. The default is "cn=" but you could use, for example, "uid=".
12-20-2006 10:29 AM
I can log in by using CN but uid does not work.
We are using 2003 and in the help text it says (Note: Anonymous bind is disabled by default in MS AD 2003 onwards. Hence, the user must configure the complete Userroot in CiscoWorks screens.
In this case, the prefix should be exactly the same as the one in the distinguished name (DN) like uid or cn and cannot be other values like samAccountName which can otherwise be used for a search.)
So does this mean that if the distinguished name uses the CN, I could find that anonymously (this seems to work)? If I wanted to use the uid, I would need to allow anonymous because it is not the distinguished name and anonymous is not allowed by default?
12-20-2006 10:45 AM
Yeah, this means that if my DN is, and I'll use a local example for my LDAP server:
uid=jclarke, ou=rtp-nms, o=cisco.com
Then I would need to use uid, and I could NOT use anything else. That's because LMS would do a bind as me to the server for authentication. If I needed to use another prefix, I would need to enable anonymous bind.
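Added example (not from the thread and not Cisco code): a sketch of why a direct bind only succeeds with the DN's own prefix, assuming the client forms the bind DN as prefix + login + "," + Userroot, as the posts describe. The `CN=Doe\, John` entry and the `example.com` names are constructed; the `uid=jclarke` DN is the one quoted above.

```python
# Assumed model of a direct-bind client; helper names are hypothetical.
_SPECIAL = '"+,;<>\\'  # characters RFC 4514 requires escaping in a DN value

def escape_rdn_value(value: str) -> str:
    """Escape a login name for use as a DN attribute value (RFC 4514)."""
    out = []
    for i, ch in enumerate(value):
        if ch == "\x00":
            out.append("\\00")
        elif ch in _SPECIAL or (i == 0 and ch in " #") \
                or (i == len(value) - 1 and ch == " "):
            out.append("\\" + ch)   # also stops a login from injecting extra RDNs
        else:
            out.append(ch)
    return "".join(out)

def build_bind_dn(prefix: str, login: str, userroot: str) -> str:
    """DN presented on a direct bind: <prefix><login>,<userroot>."""
    return f"{prefix}{escape_rdn_value(login)},{userroot}"

def split_rdns(dn: str) -> list:
    """Split a DN on commas that are not backslash-escaped."""
    parts, cur, esc = [], [], False
    for ch in dn:
        if esc:
            cur.append(ch); esc = False
        elif ch == "\\":
            cur.append(ch); esc = True
        elif ch == ",":
            parts.append("".join(cur)); cur = []
        else:
            cur.append(ch)
    parts.append("".join(cur))
    return parts

def normalize(dn: str) -> str:
    """Loose comparison form: lower-case, no space after RDN separators."""
    return ",".join(p.lstrip().lower() for p in split_rdns(dn))

def direct_bind_matches(prefix, login, userroot, real_dn) -> bool:
    """True only if the constructed DN names the entry that actually exists."""
    return normalize(build_bind_dn(prefix, login, userroot)) == normalize(real_dn)

# Constructed AD-style entry: the RDN is the display name, not the logon name.
AD_DN = r"CN=Doe\, John,OU=Staff,DC=example,DC=com"
AD_ROOT = "OU=Staff,DC=example,DC=com"

if __name__ == "__main__":
    for prefix, login in (("cn=", "Doe, John"), ("sAMAccountName=", "jdoe")):
        print(build_bind_dn(prefix, login, AD_ROOT),
              direct_bind_matches(prefix, login, AD_ROOT, AD_DN))
```

Any prefix other than the entry's own RDN attribute yields a DN that names no object, so the bind fails unless the client can first search for the entry and then bind with the DN it finds.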
12-21-2006 05:31 AM
Thanks for your help. I now know it won't work for me, and I will need to try another way.