Cisco 3.3 User Manual

Chapter 13 User Databases

Generic LDAP

User Guide for Cisco Secure ACS for Windows Server

78-16592-01

Port—The TCP/IP port number on which the LDAP server is listening.
The default is 389, as stated in the LDAP specification. If you do not
know the port number, you can find this information by viewing those
properties on the LDAP server. If you want to use secure authentication,
port 636 is usually used.

LDAP Version—Whether Cisco Secure ACS uses LDAP version 3 or
version 2 to communicate with your LDAP database. If this check box is
selected, Cisco Secure ACS uses LDAP version 3. If it is not selected,
Cisco Secure ACS uses LDAP version 2.

Security—Whether Cisco Secure ACS uses SSL to provide more secure
communication with the LDAP server. If you do not enable SSL, user
credentials are passed to the LDAP server in clear text.

Certificate Database Path—The path to the cert7.db file. This file
must contain the certificates for the server to be queried and the trusted
CA. You can use a Netscape web browser to generate cert7.db files. For
information about generating a cert7.db file, refer to Netscape
documentation.

To perform secure authentication using SSL, you must provide a cert7.db
certificate database file. Cisco Secure ACS requires a certificate
database so that it can establish the SSL connection. The certificate
database must be local to the Cisco Secure ACS Windows server.

Cisco Secure ACS requires a cert7.db certificate database file for each
LDAP server you configure. For example, to support users distributed in
multiple LDAP trees, you could configure two LDAP instances in
Cisco Secure ACS that would communicate with the same LDAP servers.
Each LDAP instance would have a primary and a secondary LDAP
server. Even though the two LDAP configurations share the same
primary server, each LDAP configuration requires that you download a
certificate database file to Cisco Secure ACS.

Note: The database must be a cert7.db certificate database file. No other
filename is supported.
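
The following is an added example, not part of the Cisco guide: a small audit that applies the Port, Security, and Certificate Database Path rules above to a list of LDAP configurations. The dictionary field names, finding codes, and sample paths are hypothetical and constructed for illustration; Cisco Secure ACS does not export its settings in this form.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample: a hypothetical inventory of generic LDAP configurations.
# Field names are illustrative, not a Cisco Secure ACS file format.
SAMPLE_CONFIGS = [
    {"name": "ldap-tree-a", "port": 389, "ssl": False, "cert_db_path": ""},
    {"name": "ldap-tree-b", "port": 636, "ssl": True,
     "cert_db_path": r"\\fileserver\certs\cert7.db"},
    {"name": "ldap-tree-c", "port": 636, "ssl": True,
     "cert_db_path": r"C:\ACS\certs\tree-c\cert7.db"},
    {"name": "ldap-tree-d", "port": 389, "ssl": True,
     "cert_db_path": r"C:\ACS\certs\tree-d\ldap.db"},
]

LOCAL_DRIVE = re.compile(r"^[A-Za-z]:$")  # drive-letter path such as C:


def audit(cfg):
    """Return a list of finding codes for one LDAP configuration."""
    if not cfg["ssl"]:
        # Without SSL, user credentials reach the LDAP server in clear text.
        return ["CLEARTEXT_CREDENTIALS"]
    findings = []
    if cfg["port"] == 389:
        # 389 is the default LDAP port; 636 is the usual port with SSL.
        findings.append("SSL_ON_DEFAULT_PORT")
    raw = cfg.get("cert_db_path", "")
    if not raw:
        findings.append("CERT_DB_MISSING")
        return findings
    path = PureWindowsPath(raw)
    if not LOCAL_DRIVE.match(path.drive):
        # UNC or relative path. A mapped network drive letter would pass
        # this check, so confirm the drive is a local disk separately.
        findings.append("CERT_DB_NOT_LOCAL")
    if path.name.lower() != "cert7.db":
        # No filename other than cert7.db is supported.
        findings.append("CERT_DB_BAD_NAME")
    return findings


def audit_all(configs):
    """Map each configuration name to its list of findings."""
    return {c["name"]: audit(c) for c in configs}


if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE_CONFIGS).items():
        print(name, findings or "ok")
```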