I'm running Firepower 1010 with ftd of 6.6.1-91. And have problem with setup Identity source with OpenLDAP for RA VPN.
What I do.
- Add new AD Identity realm.
- Fill Name, Directory username in dn notation (cn=user,dc=org...), Directory password, Base DN, ip address. No encryption, AD domain filled with random string.
- I have already setupped slapd server (which was earlier used with ASA 5508 without problems).
What I want.
- Press Test and obtain all green checked.
What I get.
- Green check with "Realm is available for Identity policies."
- Red cross with "Cannot connect to realm for RA VPN. ERROR: Authentication Server not responding"
- Ldap server says:
Feb 25 20:04:11 ldapserver slapd[4718]: conn=1009 fd=18 ACCEPT from IP=FIREPOWER_IP (IP=0.0.0.0:389)
Feb 25 20:04:11 ldapserver slapd[4718]: conn=1009 op=0 BIND dn="cn=user,dc=org" method=128
Feb 25 20:04:11 ldapserver slapd[4718]: conn=1009 op=0 BIND dn="cn=user,dc=org" mech=SIMPLE ssf=0
Feb 25 20:04:11 ldapserver slapd[4718]: conn=1009 op=0 RESULT tag=97 err=0 text=
Feb 25 20:04:11 ldapserver slapd[4718]: conn=1009 op=1 UNBIND
Feb 25 20:04:11 ldapserver slapd[4718]: conn=1009 fd=18 closed
If I ssh to firepower and run `test aaa-server <...>` I have:
INFO: Attempting Authentication test to IP address (LDAPSERVER) (timeout: 12 seconds)
ERROR: Authentication Server not responding: AAA Server has been removed
If I ssh to firepower and run `ldapsearch LDAPSERVER 389 <...>` I see proper output
ldap_initialize( ldap://LDAPSERVER:389 )
Enter LDAP Password:
filter: (objectclass=*)
requesting: *
# extended LDIF
#
# LDAPv3
# base <%ou=base,dc=dn%> with scope subtree
# filter: (objectclass=*)
# requesting: *
#
And so on (cn, dn, userName etc).
What am I missing?
