«

Has anyone had success having an ASA 5500 use an openLDAP server as an
aaa-server? I've read what I could, all of it relating to
ActiveDirectory and have tried several configurations with no success.
It seems suggested that I would work, when I run openLDAP in debug
mode I see the connections and name lookups but the ASA always fails.

The openLDAP server is currently servicing other applications just
fine, apache, pam, and a couple of others. The problem must be with
the ASA.

What am I missing?

Thanks

wrote:
> Has anyone had success having an ASA 5500 use an openLDAP server as an
> aaa-server? I've read what I could, all of it relating to
> ActiveDirectory and have tried several configurations with no success.
> It seems suggested that I would work, when I run openLDAP in debug
> mode I see the connections and name lookups but the ASA always fails.
>
> The openLDAP server is currently servicing other applications just
> fine, apache, pam, and a couple of others. The problem must be with
> the ASA.
>
> What am I missing?
>
> Thanks

What version of code are you running. I first *tried* to configure LDAP
with code 7.11 and it just would not work, opened a TAC case and was
told to jump to atleast 7.12 once I did that the LDAP config to an
active directory server went with no problems.

Thanks...

Chad

On 29 Jun 2006 14:11:29 -0700, "Chad Mahoney" <>
wrote:

>
> wrote:
>> Has anyone had success having an ASA 5500 use an openLDAP server as an
>> aaa-server? I've read what I could, all of it relating to
>> ActiveDirectory and have tried several configurations with no success.
>> It seems suggested that I would work, when I run openLDAP in debug
>> mode I see the connections and name lookups but the ASA always fails.
>>
>> The openLDAP server is currently servicing other applications just
>> fine, apache, pam, and a couple of others. The problem must be with
>> the ASA.
>>
>> What am I missing?
>>
>> Thanks
>
>What version of code are you running. I first *tried* to configure LDAP
>with code 7.11 and it just would not work, opened a TAC case and was
>told to jump to atleast 7.12 once I did that the LDAP config to an
>active directory server went with no problems.
>
>Thanks...
>
>Chad

Thanks for the reply.

My show ver begins as follows, I'm guessing I'm already on 7.12?

Cisco Adaptive Security Appliance Software Version 7.1(2)
Device Manager Version 5.1(2)

Compiled on Tue 14-Mar-06 17:00 by dalecki
System image file is "disk0:/asa712-k8.bin"
Config file at boot was "startup-config"

radasa up 2 days 7 hours

Hardware: ASA5510, 256 MB RAM, CPU Pentium 4 Celeron 1600 MHz
Internal ATA Compact Flash, 64MB
BIOS Flash M50FW080 @ 0xffe00000, 1024KB


When I test using the java interface, and debug ldap and aaa, debug
says authentication passed it then gets user attributes and the gui
says test failed. No additional debug information is provided, like
what ldap attribute it didn't find or like.

I can't find anything that would describe required ldap fields or at
least required ldap attribute maps.