ASA5500 OpenLDAP AAA Server

- N
- nobody
  
  Contact options for registered users
posted
17 years ago

Thu, Jun 29, 2006 1:02 AM

Has anyone had success having an ASA 5500 use an openLDAP server as an aaa-server? I've read what I could, all of it relating to ActiveDirectory and have tried several configurations with no success. It seems suggested that I would work, when I run openLDAP in debug mode I see the connections and name lookups but the ASA always fails.

The openLDAP server is currently servicing other applications just fine, apache, pam, and a couple of others. The problem must be with the ASA.

What am I missing?

Thanks

- C
- Chad Mahoney
  
  Contact options for registered users
Vote on answer
posted
17 years ago

Thu, Jun 29, 2006 9:11 PM

What version of code are you running. I first *tried* to configure LDAP with code 7.11 and it just would not work, opened a TAC case and was told to jump to atleast 7.12 once I did that the LDAP config to an active directory server went with no problems.

Thanks...

Chad

- N
- nobody
  
  Contact options for registered users
Vote on answer
posted
17 years ago

Sat, Jul 1, 2006 5:39 AM

Thanks for the reply.

My show ver begins as follows, I'm guessing I'm already on 7.12?

Cisco Adaptive Security Appliance Software Version 7.1(2) Device Manager Version 5.1(2)

Compiled on Tue 14-Mar-06 17:00 by dalecki System image file is "disk0:/asa712-k8.bin" Config file at boot was "startup-config"

radasa up 2 days 7 hours

Hardware: ASA5510, 256 MB RAM, CPU Pentium 4 Celeron 1600 MHz Internal ATA Compact Flash, 64MB BIOS Flash M50FW080 @ 0xffe00000, 1024KB

When I test using the java interface, and debug ldap and aaa, debug says authentication passed it then gets user attributes and the gui says test failed. No additional debug information is provided, like what ldap attribute it didn't find or like.

I can't find anything that would describe required ldap fields or at least required ldap attribute maps.