Velocity Reviews

Velocity Reviews (http://www.velocityreviews.com/forums/index.php)
-   Cisco (http://www.velocityreviews.com/forums/f27-cisco.html)
-   -   Using Cisco ACS to authenticate against LDAP through SSL (http://www.velocityreviews.com/forums/t29613-using-cisco-acs-to-authenticate-against-ldap-through-ssl.html)

Silvio Arcangeli 10-20-2003 11:08 AM

Using Cisco ACS to authenticate against LDAP through SSL
 
Hi everybody,
I'm setting up an authentication system for an intranet, and I have some
problems configuring it, I hope someone can help me out.

We're using Cisco ACS Secure Server 3.2, and we want to perform the
authentications over our LDAP server (actually, it is a virtual LDAP, from
Radiant Logic, we have to deal with several data sources).

The LDAP server is running fine, I tested it with a Java client, and it
works both with SSL and with clear-text connections.

With the Cisco ACS I made it to perform clear-text authentications, but when
it comes to setting it up to use SSL it seems I can't find a way to have it
run...

ACS requires a copy of the LDAP server's cert7.db to connect to it through
SSL. Since my LDAP server is not Netscape, it doesn't provide any cert7.db
file. So I downloaded the NSS tools (a 2002 version, since the last ones are
generating cert8.db, and ACS won't accept it).
Using the tools created a db file, and stuffed my certificate into it
(giving it "TC" trust arguments for SSL authentications), but ACS is still
not working...
When I try to authenticate it fails, and the reports just say "External DB
reports error condition". I checked the logs of my LDAP server, and it seems
it correctly receives a bind (I can see "connect/disconnect" pairs on the
SSL port each time ACS tries to authenticate the user).

Does anybody have a clue on what could be the cause for this problem?
I really don't know what to do about it...

Silvio Arcangeli




All times are GMT. The time now is 06:04 AM.

Powered by vBulletin®. Copyright ©2000 - 2014, vBulletin Solutions, Inc.
SEO by vBSEO ©2010, Crawlability, Inc.