04-05-2021 12:27 AM - edited 07-05-2021 01:05 PM
Dear Community,
We have a configuration problem with LDAP servers on a WLC 9800.
The LDAP server configuration is:
Server Information for DCxx
================================
Server name :DCxx
Server Address :x.x.x.x
Server listening Port :389
Bind Root-dn :bot0024@domain.com
Server mode :Non-Secure
Cipher Suite :0x00
Authentication Seq :Search first. Then Bind/Compare password next
Authentication Procedure:Bind with user password
Base-Dn :DC=xxxx,DC=xx
Object Class :UserPrincipalName
Object Class :Person
Object Class :sAMAccountName
Request timeout :30
Deadtime in Mins :0
State :ALIVE
The user reaches the AD tree, but the query on it doesn't find anything...
Please help.
04-05-2021 02:16 AM
There are two searches: one is
CN
and the other is
sAMAccountName.
Here you search for sAMAccountName, but I think the LDAP is configured with CN only.
04-05-2021 06:40 AM
Dear MHM
I'm trying with different objects. Now I have Base-Dn -> CN=Users,DC=xxx,DC=xx
and Object class -> UserPrincipalName
but it isn't working anyway...
Do you have any suggestions?
Thanks for your help
04-05-2021 07:06 AM - edited 04-06-2021 05:17 AM
...
04-06-2021 05:19 AM
The Base DN, as in the example above, is
CN:User,DC:TAC,DC:ottawa,DC:forwent,DC:com
so it depends on your AD; if you use CN:User you can use it as the base DN.
04-06-2021 05:21 AM
There are two different ones,
CN
and
sAMAccountName;
this depends on the AD.
I share a photo of where we use CN or sAMAccountName.
04-06-2021 06:40 AM
Dear,
Your help is being so useful. Thanks a lot.
I share with you the current LDAP server configuration:
Server Information for DC01
================================
Server name :DC01
Server Address :xx.x.xx.xxx
Server listening Port :389
Bind Root-dn :bot0024
Server mode :Non-Secure
Cipher Suite :0x00
Authentication Seq :Search first. Then Bind/Compare password next
Authentication Procedure:Bind with user password
Base-Dn :DC=xxxx,DC=xx
Object Class :Person
Attribute map :AttName
Request timeout :30
Deadtime in Mins :0
State :ALIVE
No. of active connections :0
where "AttName" is: Map: AttName
sAMAccountName String username
but it doesn't work...
I attach a photo of the GUI configuration for more help.
Thanks for your help
04-06-2021 06:42 AM
Does the bind username need privileged permissions, or only read permissions?
Regards
04-06-2021 08:06 AM
The bind user name is full, as entered in AD.
04-09-2021 01:05 AM
Dear MHM,
The problem is more difficult than we thought. It is related to: https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv11813
As a Cisco engineer mentioned to us, the WLC searches for the user by cn=Name, not by sAMAccountName or UserPrincipalName.
An example from a Wireshark capture:
48420 259.244042 xx.x.xxx.xx xx.x.xxx.xx LDAP xxx searchResEntry(3) "CN=Pepe Rodriguez Cisco,OU=Partner,OU=PROVEEDORES,OU=Usuarios,DC=LABCISCO,DC=COM" | searchResDone(3) success [2 results]
Our bind user reaches the AD tree, but with this bug it cannot validate the users correctly... We are waiting for this bug to be fixed ASAP.
Thanks for all
04-09-2021 04:25 AM
As I mentioned before, the WLC uses CN, not sAMAccountName.
But
we can make it work even with sAMAccountName by configuring AD with the login name and making the user use this login name.
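The thread turns on two things: which attribute the controller's first search matches on (cn versus sAMAccountName) and whether the configured base DN actually covers the OU the user lives in. The following in-memory model is an added example written for this page, not code from the thread, from Cisco or from the WLC; the directory entries, DNs and user names in it are constructed sample data, and wlc_lookup() simply encodes the behaviour the last two posts describe (search by cn=<login>). Running it shows why a user whose CN differs from their login name is not found, why a base DN of CN=Users misses users in other OUs, and which accounts the "make the login name equal the CN" workaround would have to touch.

```python
"""Model of the WLC 'search first, then bind' lookup against a small AD-like
directory. Constructed sample data; not the controller's or Cisco's code."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Entry:
    dn: str                # e.g. "CN=Pepe Rodriguez,OU=Partner,DC=LABCISCO,DC=COM"
    cn: str
    samaccountname: str
    userprincipalname: str


# Constructed sample directory. The first user sits in nested OUs (like the
# searchResEntry in the capture in the thread); the second is directly under
# CN=Users, where the bind account of the configuration above would typically live.
DIRECTORY = [
    Entry("CN=Pepe Rodriguez,OU=Partner,OU=PROVEEDORES,OU=Usuarios,DC=LABCISCO,DC=COM",
          "Pepe Rodriguez", "prodriguez", "prodriguez@labcisco.com"),
    Entry("CN=bot0024,CN=Users,DC=LABCISCO,DC=COM",
          "bot0024", "bot0024", "bot0024@labcisco.com"),
]


def _norm_dn(dn):
    """Lower-case a DN and drop whitespace around its RDNs so suffix tests are reliable."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def in_subtree(entry_dn, base_dn):
    """True if entry_dn is the base DN itself or lies below it (LDAP subtree scope)."""
    entry, base = _norm_dn(entry_dn), _norm_dn(base_dn)
    return entry == base or entry.endswith("," + base)


def search(base_dn, attribute, value):
    """Entries under base_dn whose attribute equals value, case-insensitively:
    what a server returns for the filter (attribute=value) with subtree scope."""
    field = {"cn": "cn",
             "samaccountname": "samaccountname",
             "userprincipalname": "userprincipalname"}[attribute.lower()]
    return [e for e in DIRECTORY
            if in_subtree(e.dn, base_dn) and getattr(e, field).lower() == value.lower()]


def wlc_lookup(base_dn, login):
    """The behaviour described in the thread (assumption taken from the posts):
    the controller's first search is (cn=<login>), whatever attribute map is set."""
    return search(base_dn, "cn", login)


def users_needing_workaround(base_dn):
    """Logins that (cn=<login>) will never find because CN != sAMAccountName.
    These are the accounts the 'login name equals CN' workaround has to change."""
    return [e.samaccountname for e in DIRECTORY
            if in_subtree(e.dn, base_dn) and e.cn.lower() != e.samaccountname.lower()]


if __name__ == "__main__":
    base = "DC=LABCISCO,DC=COM"
    print("by sAMAccountName:", [e.dn for e in search(base, "sAMAccountName", "prodriguez")])
    print("WLC search by cn :", [e.dn for e in wlc_lookup(base, "prodriguez")])
    print("narrow base DN    :", [e.dn for e in search("CN=Users," + base, "sAMAccountName", "prodriguez")])
    print("need workaround   :", users_needing_workaround(base))
```

The base DN check is the part most often overlooked when debugging this kind of failure: a search with Base-Dn CN=Users,DC=...,DC=... returns "success" with zero entries for any user kept in a departmental OU, which looks identical to a wrong attribute map in the controller's debug output. Verify the base DN against the DN shown in a packet capture (as the poster did) before changing the attribute configuration.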