Configure the LDAP Settings for Write Access

The "write access" configuration is only available for Active Directory deployments where the Global Catalog is activated.

This procedure explains how to specify a particular LDAP directory for "LDAP write operations" performed in the Administration Console.

The LDAP directory defined in the main Console options dialog box is the default for all read operations (for example, the Global Catalog).

The AAA Administration Console "LDAP write operations" are:

  • Device assignment
  • Device un-assignment
  • Device replacement

  1. Select Tools, then click Options. The AAA Server Administration Console Options window is displayed.
  2. In the Connections settings section, click Alt Settings...

  3. Select Use these specific LDAP settings for LDAP write operations.

    If the option is unchecked, the default LDAP directory is used for both LDAP read and write operations.

  4. Define the LDAP "write" connection settings and test them.

    Setting: Description

    Host: Enter the IP address or hostname of the server where your LDAP directory resides. If you are using multiple LDAPs, separate the server identifiers by a space.

    Port: Enter the LDAP directory server’s listening port (default value is 389).

    LDAPS connection: To connect to your LDAP server via SSL, select this option and specify the path of the trusted certificate .cer file. This must also be specified in the server configuration.

      Note: The CN attribute in the certificate must match exactly the "Host" defined above. For example, if the host name CN in the certificate is "host.company.com", the Host defined above must also be "host.company.com".

    Login DN: Enter the connection name for the AAA Server to use to authenticate to the LDAP directory (only if you have a protected directory).

      This user must have write permission to be able to store the device serial numbers in the directory.

    Password: Enter the password for the Login DN.

      Note: The maximum password length is 24 characters.

    Note: The AAA Server Administration database communicates with your LDAP server via LDAP queries for groups of users, so you must create groups in the AAA Server Administration Console. The Administration Console creates these groups based on your LDAP architecture. The AAA Server groups can be the same groups that you have already created in LDAP, or they can be a mix of what you already have, plus new attributes.

  5. Click OK to return to the Console options.
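
A pre-flight check of the values entered in step 4, written as an added Python example (it is not part of the product or its documentation). The function names are hypothetical, the certificate subject is passed in the shape returned by Python's ssl.SSLSocket.getpeercert(), and treating "match exactly" as a case-sensitive comparison is an assumption.

```python
# Added example: pre-flight check of the LDAP "write" connection settings.
# Function names are hypothetical; all sample values are constructed.

MAX_PASSWORD_LEN = 24  # limit stated in the Password note


def cert_common_names(cert):
    """Return CN values from a dict shaped like ssl.SSLSocket.getpeercert()."""
    return [value
            for rdn in cert.get("subject", ())
            for key, value in rdn
            if key == "commonName"]


def check_write_settings(host_field, port, use_ldaps, cert=None, password=""):
    """Return a list of problems found; an empty list means the checks passed."""
    problems = []
    hosts = host_field.split()  # multiple servers are separated by a space
    if not hosts:
        problems.append("Host is empty")
    if not 1 <= port <= 65535:
        problems.append(f"Port {port} is outside 1-65535")
    if len(password) > MAX_PASSWORD_LEN:
        problems.append(f"Password is {len(password)} characters; "
                        f"maximum is {MAX_PASSWORD_LEN}")
    if use_ldaps:
        cns = cert_common_names(cert or {})
        if not cns:
            problems.append("LDAPS selected but the certificate has no CN")
        for host in hosts if cns else ():
            if host in cns:
                continue  # exact, case-sensitive match (assumed meaning of the note)
            # Name the near misses that an exact comparison rejects.
            if any(host.lower() == cn.lower() for cn in cns):
                reason = "differs only in letter case"
            elif any(cn.startswith(host + ".") for cn in cns):
                reason = "is a short name but the CN is fully qualified"
            else:
                reason = "does not appear as a CN"
            problems.append(f"Host '{host}' {reason} (CN: {', '.join(cns)})")
    return problems


# Constructed sample subject, not taken from a real certificate.
SAMPLE_CERT = {"subject": ((("organizationName", "Company"),),
                           (("commonName", "host.company.com"),))}

if __name__ == "__main__":
    for issue in check_write_settings("host", 389, True, SAMPLE_CERT, "x" * 25):
        print(issue)
```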