
ldap over SSL ASA->Windows Server 2012 or 2016

Oleg Volkov

Hi!

Please help me.

I am trying to configure aaa-server LDAP over SSL like this:

aaa-server ADSECURE host 10.xx.xx.xx
 server-port 636
 ldap-base-dn DC=xxx,DC=local
 ldap-group-base-dn DC=xxx,DC=local
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ldap-login-password xxxxxxxxxxxxxxxx
 ldap-login-dn CN=xxxx,OU=xxx,OU=xxx,DC=xxx,DC=local
 ldap-over-ssl enable
 server-type microsoft
 ldap-attribute-map xxxxx

But it works only with 389 and not over SSL.

What am I doing wrong?

Thank you!

--------------------------------------------------------------------------

Helping seriously ill children, all together. All information about this, is posted on my blog

Francesco Molino
Hi

I believe that, before starting the configuration on the ASA, you tested the LDAPS connection to your Microsoft server using an LDAP browser?
Have you imported the CA certificate into your ASA to ensure the SSL handshake?

Thanks
Francesco
PS: Please don't forget to rate and select as validated answer if this answered your question

Hi

How must I import the certificate? And must it be with the private key, or only the CA?

Hi
Just the CA certificate, no need of the private key.

Here is a link that includes some screenshots using ASDM:
https://www.entrustdatacard.com/knowledgebase/how-is-the-trusted-root-certificate-installed-on-a-cisco-asa-appliance


Sorry I'm not able to make some screenshots of my own right now.

Thanks
Francesco

Problem with SSL encryption.

It works with any combination without dhe-*
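
An added example, not part of the original thread: a Python check, run from a management host, that covers both points raised above by verifying the domain controller's LDAPS certificate against the exported CA file and repeating the handshake with and without DHE suites. The profile names, the CA file path and the host name passed on the command line are assumptions.

```python
import socket
import ssl
import sys

# Cipher profiles as OpenSSL cipher strings (these govern TLS 1.2 and below).
PROFILES = {
    "default": "DEFAULT:!PSK",
    "no-dhe": "DEFAULT:!PSK:!DHE",   # mirrors "any combination without dhe-*"
    "dhe-only": "DHE",
}

def uses_dhe(name):
    """True for finite-field DHE suites; ECDHE suites are a different class."""
    return name.startswith(("DHE-", "EDH-"))

def make_context(ca_file=None, ciphers="DEFAULT"):
    """Verifying client context; ca_file is the CA that issued the DC certificate."""
    ctx = ssl.create_default_context(cafile=ca_file)
    # Cap at TLS 1.2 so the cipher string, not the TLS 1.3 suite list, decides.
    ctx.maximum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers(ciphers)
    return ctx

def offered_suites(label):
    """TLS 1.2-and-below suite names the client offers for a profile."""
    ctx = make_context(None, PROFILES[label])
    return [c["name"] for c in ctx.get_ciphers() if not c["name"].startswith("TLS_")]

def probe(host, ca_file=None, port=636, timeout=5.0):
    """Handshake once per profile; returns {profile: outcome string}."""
    results = {}
    for label, ciphers in PROFILES.items():
        try:
            ctx = make_context(ca_file, ciphers)
            with socket.create_connection((host, port), timeout=timeout) as raw:
                # Use the DC's FQDN: the name is checked against the certificate.
                with ctx.wrap_socket(raw, server_hostname=host) as tls:
                    results[label] = "ok: %s %s" % (tls.version(), tls.cipher()[0])
        except ssl.SSLCertVerificationError as exc:
            results[label] = "certificate rejected: %s" % exc.verify_message
        except OSError as exc:  # includes ssl.SSLError (handshake/cipher failure)
            results[label] = "failed: %s" % exc
    return results

if __name__ == "__main__" and len(sys.argv) >= 2:
    # usage: script.py <dc-fqdn> [ca.pem]
    ca = sys.argv[2] if len(sys.argv) > 2 else None
    for label, outcome in probe(sys.argv[1], ca).items():
        print("%-9s %s" % (label, outcome))
```

A "certificate rejected" result points at the CA import, while "ok" for no-dhe together with "failed" for dhe-only matches the symptom described in the last post.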