Cisco VCS and LDAP for User Authentication

William Bell
VIP Alumni

I have a question about configuring LDAP for user authentication on the VCS. I want to have redundancy in my LDAP link. I believe this is possible by setting the LDAP server address to a FQDN and then selecting a resolution type of SRV. What I am unclear on is what the value for the server address would be if I was indeed using SRV as the resolution type. I should also add that I am looking to use TLS.

To clarify, if my AD domain is myad.netcraftsmen.net, would I configure the server address field as:

myad.netcraftsmen.net: assuming that VCS will properly query DNS for the correct _service._proto parameters?

or would I need to create a new SRV record for this purpose and configure the server address field with the specific address (including the _service._proto fields)?

or would I need to specify one of the SRV record formats used by MS AD domains (there are several)?

If the latter, then which SRV record for TLS? I only see records with port 389 (non-secure).

My intuition tells me that it is probably the first option but I could be way off.

Anyway, thanks in advance for any input.

Regards,

Bill

HTH -Bill (b) http://ucguerrilla.com (t) @ucguerrilla

Please remember to rate helpful responses and identify

1 Accepted Solution

awinter2
Level 7

Hi William,

I just checked this on an X6.1 VCS, and it seems the VCS performs an SRV lookup on _ldap._tcp.domain (where 'domain' has been input as the Server Address), both when encryption is set to 'None' and 'TLS'.

Hope this helps,

Andreas


4 Replies


Andreas,

Thanks for the rapid response. So, if I had the following configuration:

Server address: myad.netcraftsmen.net  (assuming that is the DNS zone for my AD)

Server address resolution: SRV

Port: 636

Encryption: yes

Then the VCS will query DNS for an SRV record: _ldap._tcp.myad.netcraftsmen.net? And then negotiate a secure connection?

I just want to make sure I follow.

Regards,

Bill


Yes, that is correct, William.
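As an added example (not from this thread and not Cisco's code), here is a small Python script that mirrors the lookup Andreas describes: it builds the `_ldap._tcp.<domain>` name from the Server Address, ranks the returned SRV targets the way a client should (RFC 2782: lowest priority first, weighted random within a priority), and builds a certificate-verifying TLS context for the port-636 connection Bill configured. The `dig` call, the function names and the sample records are assumptions; the constructed sample zone mirrors Bill's observation that AD advertises port 389 in these records. Running it before changing the VCS config tells you which DCs the VCS will be offered, in what order, and whether their LDAPS certificates chain to a trusted CA.

```python
"""Added example: mirror the SRV lookup a VCS performs for an LDAP server.

Illustrative code written for this thread, not Cisco's. Assumes `dig` is
installed for the live lookup; everything else runs offline.
"""
import random
import socket
import ssl
import subprocess
from dataclasses import dataclass


@dataclass(frozen=True)
class SrvRecord:
    priority: int
    weight: int
    port: int
    target: str


def srv_name(domain: str, service: str = "ldap", proto: str = "tcp") -> str:
    """Owner name the VCS queries, e.g. _ldap._tcp.myad.netcraftsmen.net."""
    return f"_{service}._{proto}.{domain.strip('.')}"


def parse_dig_short(output: str) -> list:
    """Parse `dig +short SRV` lines: '<priority> <weight> <port> <target>.'."""
    records = []
    for line in output.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # blank or unexpected line
        prio, weight, port, target = parts
        records.append(SrvRecord(int(prio), int(weight), int(port), target.rstrip(".")))
    return records


def rank_targets(records, rng=None) -> list:
    """Order targets per RFC 2782: lowest priority first; within one priority,
    weighted random selection so load is spread as the DNS admin intended."""
    rng = rng or random.Random()
    ranked = []
    by_priority = {}
    for rec in records:
        by_priority.setdefault(rec.priority, []).append(rec)
    for prio in sorted(by_priority):
        # RFC 2782: zero-weight records come first in the running-sum order
        pool = sorted(by_priority[prio], key=lambda r: r.weight != 0)
        while pool:
            total = sum(r.weight for r in pool)
            pick = rng.randint(0, total)
            running = 0
            chosen = pool[-1]
            for rec in pool:
                running += rec.weight
                if running >= pick:
                    chosen = rec
                    break
            ranked.append(chosen)
            pool.remove(chosen)
    return ranked


def resolve_srv(domain: str) -> list:
    """Live lookup via dig (assumed installed) of the same name the VCS resolves."""
    out = subprocess.run(["dig", "+short", "SRV", srv_name(domain)],
                         capture_output=True, text=True, check=True).stdout
    return parse_dig_short(out)


def ldaps_context() -> ssl.SSLContext:
    """TLS settings a client should apply to the LDAPS connection: verify the
    server chain against the system trust store and check the hostname."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def check_ldaps(host: str, port: int = 636) -> str:
    """Open a verified TLS session to host:port and return the negotiated version.
    Raises ssl.SSLError if the certificate does not verify (live check only)."""
    with socket.create_connection((host, port), timeout=5) as sock:
        with ldaps_context().wrap_socket(sock, server_hostname=host) as tls:
            return tls.version()


# Constructed sample, shaped like `dig +short SRV _ldap._tcp.myad.netcraftsmen.net`
# against an AD zone: two equal-weight DCs at priority 0, one fallback at priority 10.
# The port field is 389, as Bill observed; the LDAPS port is configured separately.
SAMPLE_DIG_OUTPUT = """\
0 100 389 dc1.myad.netcraftsmen.net.
0 100 389 dc2.myad.netcraftsmen.net.
10 0 389 dc3.myad.netcraftsmen.net.
"""


if __name__ == "__main__":
    print("query:", srv_name("myad.netcraftsmen.net"))
    for rec in rank_targets(parse_dig_short(SAMPLE_DIG_OUTPUT), random.Random(7)):
        print(f"prio={rec.priority:>3} weight={rec.weight:>3} port={rec.port} {rec.target}")
```

For a real zone, replace the sample with `resolve_srv("myad.netcraftsmen.net")` and call `check_ldaps()` on each ranked target; a failure there (untrusted issuer, name mismatch) is the same failure the VCS will hit once Encryption is set to TLS, so it is worth catching before the change.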

OK. Well, thanks again!

Regards,

Bill
