02-25-2021 05:28 AM
I'm running a Firepower 1010 with FTD 6.6.1-91 and have a problem setting up an Identity Source with OpenLDAP for RA VPN.
What I do.
What I want.
What I get.
```
Feb 25 20:04:11 ldapserver slapd[4718]: conn=1009 fd=18 ACCEPT from IP=FIREPOWER_IP (IP=0.0.0.0:389)
Feb 25 20:04:11 ldapserver slapd[4718]: conn=1009 op=0 BIND dn="cn=user,dc=org" method=128
Feb 25 20:04:11 ldapserver slapd[4718]: conn=1009 op=0 BIND dn="cn=user,dc=org" mech=SIMPLE ssf=0
Feb 25 20:04:11 ldapserver slapd[4718]: conn=1009 op=0 RESULT tag=97 err=0 text=
Feb 25 20:04:11 ldapserver slapd[4718]: conn=1009 op=1 UNBIND
Feb 25 20:04:11 ldapserver slapd[4718]: conn=1009 fd=18 closed
```
If I SSH to the Firepower and run `test aaa-server <...>`, I get:
```
INFO: Attempting Authentication test to IP address (LDAPSERVER) (timeout: 12 seconds)
ERROR: Authentication Server not responding: AAA Server has been removed
```
If I SSH to the Firepower and run `ldapsearch LDAPSERVER 389 <...>`, I see proper output:
```
ldap_initialize( ldap://LDAPSERVER:389 )
Enter LDAP Password:
filter: (objectclass=*)
requesting: *
# extended LDIF
#
# LDAPv3
# base <%ou=base,dc=dn%> with scope subtree
# filter: (objectclass=*)
# requesting: *
#
```
And so on (cn, dn, userName, etc.).
What am I missing?
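An added example, not from this thread and not Cisco's or OpenLDAP's own code: a small Python parser for slapd "stats" log lines like the ones quoted above. It groups lines by `conn=` id, tracks the peer, the bind DN, the bind SSF and every operation, and then reports what a defender would want to know from such a trace: whether the bind succeeded, whether any search (`SRCH` in slapd's log vocabulary) followed it, and whether the bind went over the wire with `ssf=0`, i.e. without TLS. The sample log embedded in the block is constructed from the lines in the post; `FIREPOWER_IP` and `cn=user,dc=org` are the placeholders the poster used.

```python
import re
from collections import defaultdict

# Constructed sample: the slapd lines quoted in the post, one per line.
SAMPLE_LOG = """\
Feb 25 20:04:11 ldapserver slapd[4718]: conn=1009 fd=18 ACCEPT from IP=FIREPOWER_IP (IP=0.0.0.0:389)
Feb 25 20:04:11 ldapserver slapd[4718]: conn=1009 op=0 BIND dn="cn=user,dc=org" method=128
Feb 25 20:04:11 ldapserver slapd[4718]: conn=1009 op=0 BIND dn="cn=user,dc=org" mech=SIMPLE ssf=0
Feb 25 20:04:11 ldapserver slapd[4718]: conn=1009 op=0 RESULT tag=97 err=0 text=
Feb 25 20:04:11 ldapserver slapd[4718]: conn=1009 op=1 UNBIND
Feb 25 20:04:11 ldapserver slapd[4718]: conn=1009 fd=18 closed
"""

# Every stats line carries "slapd[pid]: conn=<id> <rest>"; <rest> is either
# a connection event (fd=.. ACCEPT / fd=.. closed) or "op=<n> <KIND> ...".
LINE_RE = re.compile(r"slapd\[\d+\]: conn=(?P<conn>\d+) (?P<rest>.*)$")
OP_RE = re.compile(r"op=(?P<op>\d+) (?P<kind>\w+)(?P<tail>.*)")


def _new_conn():
    return {"peer": None, "bind_dn": None, "bind_ssf": None,
            "ops": {}, "results": {}, "closed": False}


def parse_slapd_log(text):
    """Group slapd stats lines by connection id and record what each connection did."""
    conns = defaultdict(_new_conn)
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not a stats line we understand; skip it
        c = conns[int(m.group("conn"))]
        rest = m.group("rest")
        if "ACCEPT from IP=" in rest:
            peer = re.search(r"ACCEPT from IP=(\S+)", rest)
            c["peer"] = peer.group(1)
        elif rest.endswith("closed"):
            c["closed"] = True
        else:
            op = OP_RE.match(rest)
            if not op:
                continue
            op_num, kind, tail = int(op.group("op")), op.group("kind"), op.group("tail")
            if kind == "RESULT":
                # RESULT lines carry the LDAP result code of the operation with the same op number.
                err = re.search(r"err=(\d+)", tail)
                c["results"][op_num] = int(err.group(1)) if err else None
                continue
            c["ops"][op_num] = kind
            if kind == "BIND":
                dn = re.search(r'dn="([^"]*)"', tail)
                if dn:
                    c["bind_dn"] = dn.group(1)
                ssf = re.search(r"ssf=(\d+)", tail)  # ssf=0 means no transport encryption
                if ssf:
                    c["bind_ssf"] = int(ssf.group(1))
    return dict(conns)


def assess(conn):
    """Summarise one connection: did the bind succeed, did a search follow, was the bind in the clear."""
    bind_ops = [n for n, k in conn["ops"].items() if k == "BIND"]
    return {
        "peer": conn["peer"],
        "bind_dn": conn["bind_dn"],
        "bind_ok": any(conn["results"].get(n) == 0 for n in bind_ops),
        "searched": "SRCH" in conn["ops"].values(),   # slapd logs search ops as SRCH
        "cleartext_bind": conn["bind_ssf"] == 0,
        "closed": conn["closed"],
    }


def report(text):
    """Return one human-readable finding line per connection in the log."""
    lines = []
    for conn_id, conn in sorted(parse_slapd_log(text).items()):
        a = assess(conn)
        notes = []
        if a["bind_ok"] and not a["searched"]:
            notes.append("bind as %s succeeded but no SRCH followed (user lookup never happened)" % a["bind_dn"])
        if a["cleartext_bind"]:
            notes.append("bind with ssf=0: credentials crossed the network unencrypted")
        lines.append("conn=%d from %s: %s" % (conn_id, a["peer"], "; ".join(notes) or "nothing notable"))
    return lines


if __name__ == "__main__":
    for line in report(SAMPLE_LOG):
        print(line)
```

Run against the quoted trace, the report shows exactly the poster's symptom from the directory's side: the service account bound successfully and unbound again without ever issuing a search, so the user lookup for the VPN login never reached the server. The `ssf=0` finding is the other thing worth fixing once the feature works, since a simple bind without TLS sends the bind password in the clear.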
02-25-2021 05:50 AM
I've just read that clear LDAP was added only in FDM 6.7 (still not recommended). Is it true? Do I need to reformat my LDAP scheme in some Cisco manner (whatever that is) or something?
02-25-2021 06:01 AM
I've checked my FDM running 6.7, unfortunately LDAP is not an option as an Identity Source.