02 - Configure LDAP Integration

This document summarizes the steps to configure LDAP integration in Cisco ISE. It describes adding LDAP as an external identity source, selecting the Active Directory schema, configuring the connection details including the LDAP server, port and credentials. It also covers searching for user and group objects within the LDAP tree structure and testing the LDAP connection. Finally, it explains how the new LDAP identity source can now be selected as part of an ISE authentication policy to validate credentials and retrieve attributes from the LDAP server.

Uploaded by

Nguyen Le

In this session, we're going to be configuring LDAP integration for ISE.

We'll start like we did with Active Directory integration by utilizing the Work Centers.
And again, while this helps us get some general basic information to get started
with, it also gives us some nice shortcuts to access things. Here, we're looking
for External Identity Sources. We can see our previous integration for Active
Directory is still in place. And here, we're going to select LDAP.
And clicking on Add, a slightly different concept than a join point. We're getting
much more of a client-server relationship between ISE and the LDAP server. Here,
we're going to put in a label. And again, this label, as it's created here, will
get added to the dictionary for ISE and can be utilized for policy building. And
then notice that LDAP support on ISE provides directory schemas for Active
Directory, Sun Directory, and Novell eDirectory.
Here, we're going to select Active Directory. In the case of our lab, this makes a
nice convenient resource. That Active Directory server can be accessed via LDAP and
provides a nice alternative access to an Active Directory join point in the event
that your PSN needs to have network translation in order to reach an identity
source, or possibly the number of ports that are required are a restriction of some
sort. LDAP requires just one port for authentication, where Active Directory
requires a full suite of ports.
OK. And then we'll supply the connection information. Notice the standard port
reference. And we'll want to select the authenticated access, so we can dig deeper
and retrieve more attributes. And for that, we need to supply the Active Directory
credentials. And of course, LDAP needs to have some more specifics in terms of the
distinguished name that's being utilized.
And we need to provide a search space for LDAP object lookup.
Where exactly in the tree structure for LDAP are we going to begin searching for
user and group objects? And from the search space, it can only look downward but
not upward within that directory structure. In this case, we can do a lookup based
on the information that we've already supplied. And it will do a search for the OUs
that are available there. In this case, we'll select the top of the tree for our
small lab environment, and then likewise for the group search space.
And back to the connection tab, we can test this connection. And we've got success
with the administrative or admin distinguished name. That user ID and password
combination is working. And we see a rough approximation of the response time to
interact with Active Directory over LDAP.
OK. Now, we'll do a similar operation to the one we did with the Active Directory join
point. We'll add groups. And we can search in the directory for those. In this
case, we're just going to select the Contractors group. This will be added to the
ISE dictionary for policy building. And then we'll add attributes for a particular
user as well.
And notice we've got identical attributes that are listed, as we saw under Active
Directory. In this case, we'll just select userPrincipalName. And we've got all our
information entered in at this point for LDAP. And we should be able to
successfully submit that.
All right. So just in a quick fashion, we added LDAP as an alternate external
identity source, in addition to Active Directory. Either one of these
identity sources can now be selected as part of an authentication policy: we
could drive authentication towards the same external identity source, as we are
in this case, using different protocols to get there, or towards different ones. And
this is what the authentication policy will ultimately do for us: selecting one
or more external or internal identity sources to be able to validate credentials
and retrieve additional attributes from that interaction with that identity source.
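
The search-space behaviour described in the session (a lookup goes downward from the chosen base, never upward), as an added Python illustration that is not part of the original recording and not ISE code. The DNs are constructed lab values, and matching is simplified to case-insensitive, single-valued RDNs.

```python
# Added illustration of subtree scoping; not ISE code. All DNs are constructed.

def normalize_rdn(rdn):
    """Lower-case 'attr=value' so comparison is case-insensitive (simplification)."""
    attr, _, value = rdn.strip().partition("=")
    return (attr.strip().lower(), value.strip().lower())

def split_dn(dn):
    """Split a DN into RDN tuples, leaf first, keeping backslash-escaped commas."""
    rdns, cur, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])      # escaped character stays inside this RDN
            i += 2
            continue
        if dn[i] == ",":
            rdns.append("".join(cur))
            cur = []
        else:
            cur.append(dn[i])
        i += 1
    rdns.append("".join(cur))
    return [normalize_rdn(r) for r in rdns if r.strip()]

def in_search_base(entry_dn, base_dn):
    """True when the entry is the base itself or lies below it in the tree."""
    entry, base = split_dn(entry_dn), split_dn(base_dn)
    return len(entry) >= len(base) and entry[len(entry) - len(base):] == base

def visible_entries(directory, base_dn):
    """Entries a lookup starting at base_dn can reach."""
    return [dn for dn in directory if in_search_base(dn, base_dn)]

LAB_DIRECTORY = [  # constructed sample objects
    "CN=Alice Admin,OU=Staff,DC=lab,DC=example",
    "CN=Smith\\, Bob,OU=Contractors,OU=Staff,DC=lab,DC=example",
    "CN=Contractors,OU=Groups,DC=lab,DC=example",
    "CN=svc-ise,CN=Users,DC=lab,DC=example",
]

if __name__ == "__main__":
    for base in ("DC=lab,DC=example", "ou=staff,dc=lab,dc=example"):
        print(base, "->", visible_entries(LAB_DIRECTORY, base))
```

With the base narrowed to the Staff OU, the Contractors group object under OU=Groups falls outside the lookup, which is why the user and group search spaces are chosen separately.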