Cisco Duo Proxy
An Edgenexus App User Guide

Primary LDAP Server

5.     In the Primary LDAP Server section shown below, fill in the LDAP server hostname or IP address, together with the Port. Typically the port number is 389 for clear text LDAP and STARTTLS, and 636 for LDAPS.
6.     Select the Transport Type according to your network infrastructure.
7.     Click on the Add Certificate button in the SSL Certificate section, and upload your LDAP server certificate if you use STARTTLS or LDAPS encrypted access. The certificate must be in PEM format and contain the FULL chain of certification, including the CA ROOT and all intermediate certificates. Please see "How do I export a complete issuing certificate chain for LDAPS authentication with Active Directory?" linked here for further information.
8.     In cases where you have specified the LDAP server using its IP address or the hostname used does not match the name used in the SSL certificate, you will have to uncheck the Verify Hostname checkbox. Note, however, that this will reduce the security guarantees provided by SSL/TLS. Disabling the Verify Hostname check may also be required when the Transport Type is set to Clear.
9.     We recommend creating a dedicated read-only account on the LDAP server for the CDAP to use when searching for users listed in the Directory.
10.     Once that account exists, or if a suitable account is already present, provide its username and password together with the base DN, as shown in the example below.
11.     Next, set the Authentication type to Plain LDAP as this is the type compatible with the EdgeADC. If this does not work for you, please try the other types before contacting Support. Please also specify the BIND DN parameter. This value is typically the full LDAP distinguished name of the account permitted to read from the Directory and the name you specified in the Search Username field.
12.     You can also specify the Username Attribute value if your LDAP server's username attribute name is different from the commonly used sAMAccountName and UID user attribute names.
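The settings in steps 5 to 12 end up, on the proxy side, in the `[ad_client]` section of the Duo Authentication Proxy configuration. The following script is an added example (not part of the Edgenexus guide and not Duo's own tooling) that lints such a section for the weak choices those steps warn about: clear-text transport, an encrypted transport without the full certificate chain, hostname verification switched off, an IP literal as the server name, a port that does not match the transport, and Plain LDAP without a bind DN. It assumes that the App's fields write through to the standard `authproxy.cfg` keys (`host`, `port`, `transport`, `ssl_ca_certs_file`, `ssl_verify_hostname`, `service_account_username`/`_password`, `search_dn`, `auth_type`, `bind_dn`, `username_attribute`); the two sample sections, hostnames and DNs are constructed for the example.

```python
"""Added example (not from the Edgenexus guide or from Duo): lint a Duo
Authentication Proxy [ad_client] section for the weak settings covered in
steps 5-12 of the guide. Assumption: the App's GUI fields map onto the
standard authproxy.cfg keys used below."""
import configparser
import ipaddress

# Constructed sample: an insecure [ad_client] section (IP literal, clear
# text, no bind DN). Values are placeholders, not from any real deployment.
WEAK_CFG = """\
[ad_client]
host=192.0.2.10
port=389
transport=clear
ssl_verify_hostname=false
service_account_username=duo-ldap-ro
service_account_password=REPLACE_ME
search_dn=DC=corp,DC=example,DC=com
auth_type=plain
username_attribute=sAMAccountName
"""

# Constructed sample: the hardened form of the same section (DNS name that
# matches the certificate, LDAPS, full chain uploaded, verification on).
HARDENED_CFG = """\
[ad_client]
host=dc01.corp.example.com
port=636
transport=ldaps
ssl_ca_certs_file=/etc/duoauthproxy/ldap-chain.pem
ssl_verify_hostname=true
service_account_username=duo-ldap-ro
service_account_password=REPLACE_ME
search_dn=DC=corp,DC=example,DC=com
auth_type=plain
bind_dn=CN=duo-ldap-ro,OU=Service Accounts,DC=corp,DC=example,DC=com
username_attribute=sAMAccountName
"""


def _is_ip_literal(host: str) -> bool:
    """True when the configured host is an IPv4/IPv6 address rather than a name."""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def lint_ad_client(cfg_text: str) -> list:
    """Return a list of findings for the [ad_client] section; [] means clean."""
    # interpolation=None so a '%' in the service account password is not parsed.
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(cfg_text)
    s = parser["ad_client"]
    findings = []

    host = s.get("host", "")
    transport = s.get("transport", "clear").lower()
    verify = s.getboolean("ssl_verify_hostname", fallback=True)
    port = s.getint("port", fallback=636 if transport == "ldaps" else 389)
    encrypted = transport in ("ldaps", "starttls")

    # Step 6: clear text exposes the service account bind and every lookup.
    if transport == "clear":
        findings.append("transport=clear: bind credentials and user lookups cross the network unencrypted")

    # Step 7: without the full chain (CA root + intermediates) the server cert cannot be validated.
    if encrypted and not s.get("ssl_ca_certs_file"):
        findings.append("ssl_ca_certs_file missing: server certificate chain cannot be validated")

    # Step 8: disabling hostname verification removes the TLS peer identity check.
    if encrypted and not verify:
        findings.append("ssl_verify_hostname=false: TLS peer identity is not checked")

    # Step 8, root cause: an IP literal only verifies if the certificate carries it as a SAN.
    if encrypted and verify and _is_ip_literal(host):
        findings.append("host is an IP literal: verification fails unless the cert has an IP SAN; use the DNS name from the certificate")

    # Step 5: the typical pairing is 389 for clear/STARTTLS and 636 for LDAPS.
    expected = 636 if transport == "ldaps" else 389
    if port != expected:
        findings.append(f"port={port} is unusual for transport={transport} (expected {expected})")

    # Step 11: Plain LDAP needs the DN of the read-only search account.
    if s.get("auth_type", "").lower() == "plain" and not s.get("bind_dn"):
        findings.append("bind_dn missing: set it to the DN of the read-only search account")

    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CFG), ("hardened", HARDENED_CFG)):
        print(name, lint_ad_client(cfg) or ["OK"])
```

The IP-literal finding is the one to read before unchecking Verify Hostname: the usual cause of that failure is that the Primary LDAP Server field holds an address while the certificate only names the server by DNS name, and the fix that keeps the TLS guarantees is to enter the name exactly as it appears in the certificate's subject alternative names rather than to disable the check.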