Using Cisco ACS to authenticate against LDAP through SSL

Discussion in 'Cisco' started by Silvio Arcangeli, Oct 20, 2003.

  1. Hi everybody,
    I'm setting up an authentication system for an intranet, and I have some
    problems configuring it. I hope someone can help me out.

    We're using Cisco ACS Secure Server 3.2, and we want to perform the
    authentications over our LDAP server (actually, it is a virtual LDAP, from
    Radiant Logic, we have to deal with several data sources).

    The LDAP server is running fine, I tested it with a Java client, and it
    works both with SSL and with clear-text connections.

    With the Cisco ACS I managed to perform clear-text authentications, but when
    it comes to setting it up to use SSL it seems I can't find a way to get it
    to run...

    ACS requires a copy of the LDAP server's cert7.db to connect to it through
    SSL. Since my LDAP server is not Netscape, it doesn't provide any cert7.db
    file. So I downloaded the NSS tools (a 2002 version, since the latest ones
    generate cert8.db, and ACS won't accept it).
    Using the tools I created a db file, and stuffed my certificate into it
    (giving it "TC" trust arguments for SSL authentications), but ACS is still
    not working...
    When I try to authenticate it fails, and the reports just say "External DB
    reports error condition". I checked the logs of my LDAP server, and it seems
    it correctly receives a bind (I can see "connect/disconnect" pairs on the
    SSL port each time ACS tries to authenticate the user).

    Does anybody have a clue on what could be the cause for this problem?
    I really don't know what to do about it...

    Silvio Arcangeli
     