02-25-2021 05:28 AM
I'm running a Firepower 1010 with FTD 6.6.1-91 and have a problem setting up an Identity Source with OpenLDAP for RA VPN.
What I do.
What I want.
What I get.
```
Feb 25 20:04:11 ldapserver slapd[4718]: conn=1009 fd=18 ACCEPT from IP=FIREPOWER_IP (IP=0.0.0.0:389)
Feb 25 20:04:11 ldapserver slapd[4718]: conn=1009 op=0 BIND dn="cn=user,dc=org" method=128
Feb 25 20:04:11 ldapserver slapd[4718]: conn=1009 op=0 BIND dn="cn=user,dc=org" mech=SIMPLE ssf=0
Feb 25 20:04:11 ldapserver slapd[4718]: conn=1009 op=0 RESULT tag=97 err=0 text=
Feb 25 20:04:11 ldapserver slapd[4718]: conn=1009 op=1 UNBIND
Feb 25 20:04:11 ldapserver slapd[4718]: conn=1009 fd=18 closed
```
If I ssh to the Firepower and run `test aaa-server <...>` I get:
```
INFO: Attempting Authentication test to IP address (LDAPSERVER) (timeout: 12 seconds)
ERROR: Authentication Server not responding: AAA Server has been removed
```
If I ssh to the Firepower and run `ldapsearch LDAPSERVER 389 <...>` I see proper output:
```
ldap_initialize( ldap://LDAPSERVER:389 )
Enter LDAP Password:
filter: (objectclass=*)
requesting: *
# extended LDIF
#
# LDAPv3
# base <%ou=base,dc=dn%> with scope subtree
# filter: (objectclass=*)
# requesting: *
#
```
And so on (cn, dn, userName etc).
What am I missing?
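A diagnostic aid added here (not from the post or from Cisco): the slapd log above shows the Firepower binding as the login DN and immediately sending UNBIND, with no SRCH in between, which is what a failed or aborted AAA test looks like from the server side. This parser groups slapd operation lines by connection and flags that bind-only pattern, failed binds (non-zero err=), and simple binds with ssf=0, i.e. credentials sent without TLS. The sample log is constructed: conn=1009 mirrors the lines quoted in the post, conn=1010 is an invented full auth cycle (login-DN bind, user search, user bind) ending in a bad password.

```python
import re

# Constructed sample slapd log (not from the post): conn=1009 mirrors the bind-then-unbind
# pattern quoted there; conn=1010 is an invented full auth cycle ending in a bad password.
SAMPLE_LOG = """\
Feb 25 20:04:11 ldapserver slapd[4718]: conn=1009 op=0 BIND dn="cn=user,dc=org" method=128
Feb 25 20:04:11 ldapserver slapd[4718]: conn=1009 op=0 BIND dn="cn=user,dc=org" mech=SIMPLE ssf=0
Feb 25 20:04:11 ldapserver slapd[4718]: conn=1009 op=0 RESULT tag=97 err=0 text=
Feb 25 20:04:11 ldapserver slapd[4718]: conn=1009 op=1 UNBIND
Feb 25 20:05:02 ldapserver slapd[4718]: conn=1010 op=0 BIND dn="cn=user,dc=org" method=128
Feb 25 20:05:02 ldapserver slapd[4718]: conn=1010 op=0 RESULT tag=97 err=0 text=
Feb 25 20:05:02 ldapserver slapd[4718]: conn=1010 op=1 SRCH base="ou=base,dc=dn" scope=2 deref=0 filter="(uid=alice)"
Feb 25 20:05:02 ldapserver slapd[4718]: conn=1010 op=1 SEARCH RESULT tag=101 err=0 nentries=1 text=
Feb 25 20:05:02 ldapserver slapd[4718]: conn=1010 op=2 BIND dn="uid=alice,ou=base,dc=dn" method=128
Feb 25 20:05:02 ldapserver slapd[4718]: conn=1010 op=2 RESULT tag=97 err=49 text=
"""

OP_RE = re.compile(r'conn=(?P<conn>\d+) op=\d+ (?P<kind>SEARCH RESULT|RESULT|BIND|SRCH|UNBIND)(?P<rest>.*)')
ERR_RE, SSF_RE, DN_RE = re.compile(r'\berr=(\d+)'), re.compile(r'\bssf=(\d+)'), re.compile(r'dn="([^"]*)"')

def parse_connections(text):
    """Group slapd operation lines by connection id: {conn: [(kind, rest), ...]}."""
    conns = {}
    for m in filter(None, map(OP_RE.search, text.splitlines())):
        conns.setdefault(m['conn'], []).append((m['kind'], m['rest']))
    return conns

def diagnose(ops):
    """Summarise what one client connection did, as the server saw it."""
    binds, searches, cleartext, dn = [], 0, False, None
    for kind, rest in ops:
        if kind == 'BIND':            # slapd logs two BIND lines per simple bind (method, then mech/ssf)
            m = DN_RE.search(rest)
            dn = m.group(1) if m else dn
            s = SSF_RE.search(rest)
            cleartext = cleartext or (s is not None and s.group(1) == '0')
        elif kind == 'RESULT':        # tag=97 bind response; err=0 means the bind succeeded
            e = ERR_RE.search(rest)
            binds.append((dn, int(e.group(1)) if e else None))
        elif kind == 'SRCH':
            searches += 1
    findings = []
    if binds and searches == 0 and all(e == 0 for _, e in binds):
        findings.append('bind-only: bound as %s then unbound without any search' % binds[0][0])
    findings += ['bind as %s failed with err=%d' % (d, e) for d, e in binds if e not in (0, None)]
    if cleartext:
        findings.append('simple bind with ssf=0: credentials crossed the wire unencrypted')
    return findings

def diagnose_log(text):
    return {conn: diagnose(ops) for conn, ops in parse_connections(text).items()}
```

Run it against `journalctl -u slapd` output (or wherever slapd logs at loglevel stats) while repeating `test aaa-server`; a connection that never issues SRCH points at the client side giving up after the login-DN bind, not at the directory rejecting the credentials.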
02-25-2021 05:50 AM
I'd just read that clear LDAP was added only in FDM 6.7 (still not recommended). Is it true? Do I need to reformat my LDAP scheme in some Cisco manner (whatever it is) or something?
02-25-2021 06:01 AM
I've checked my FDM running 6.7; unfortunately, LDAP is not an option as an Identity Source.