Velocity Reviews - Computer Hardware Reviews

Using Cisco ACS to authenticate against LDAP through SSL

 
 
Silvio Arcangeli
      10-20-2003
Hi everybody,
I'm setting up an authentication system for an intranet, and I have some
problems configuring it. I hope someone can help me out.

We're using Cisco ACS Secure Server 3.2, and we want to perform the
authentications over our LDAP server (actually, it is a virtual LDAP, from
Radiant Logic, we have to deal with several data sources).

The LDAP server is running fine, I tested it with a Java client, and it
works both with SSL and with clear-text connections.

With the Cisco ACS I got it to perform clear-text authentications, but when
it comes to setting it up to use SSL, it seems I can't find a way to get it
to run...

ACS requires a copy of the LDAP server's cert7.db to connect to it through
SSL. Since my LDAP server is not Netscape, it doesn't provide any cert7.db
file. So I downloaded the NSS tools (a 2002 version, since the latest ones
generate cert8.db, and ACS won't accept it).
Using the tools I created a db file and stuffed my certificate into it
(giving it "TC" trust arguments for SSL authentications), but ACS is still
not working...
When I try to authenticate it fails, and the reports just say "External DB
reports error condition". I checked the logs of my LDAP server, and it seems
it correctly receives a bind (I can see "connect/disconnect" pairs on the
SSL port each time ACS tries to authenticate the user).

Does anybody have a clue as to what could be the cause of this problem?
I really don't know what to do about it...

Silvio Arcangeli


 