User Management
Configuring User Authentication Settings
Cisco ISA500 Series Integrated Security Appliances Administration Guide 398
Using LDAP for User Authentication
The security appliance can use an LDAP directory for user authentication and supports three directory schemas: Microsoft Active Directory, RFC 2798 inetOrgPerson, and RFC 2307 Network Information Service.
STEP 1 Click Users > User Authentication.
STEP 2 Choose LDAP as the authentication method.
STEP 3 Click Configure to configure the LDAP settings.
STEP 4 In the Settings tab, enter the following information:
• IP Address: Enter the IP address of the LDAP server.
• Port Number: Enter the listening IP port number used on the LDAP server. Typically, non-secure connections use 389 and secure connections use 636. The default is 389.
• Server Timeout: Enter the amount of time in seconds that the security appliance waits for a response from the LDAP server before timing out. The default value is 5 seconds.
The security appliance retries the login to the LDAP server if there is no response from the LDAP server after the timeout. For example, if the server timeout is set to 5 seconds and there is no response from the LDAP server after 5 seconds, the security appliance retries the login to the LDAP server 5 seconds later.
• Login Method: Choose one of the following login methods:
- Anonymous Login: Choose this option if the LDAP server allows the user tree to be accessed anonymously.
- Give Login Name or Location in Tree: Choose this option if the distinguished name that is used to bind to the LDAP server is built from the Primary Domain and User Tree for Login to Server fields in the Directory tab.
- Give Bind Distinguished Name: Choose this option if the distinguished name is known. You must provide the distinguished name explicitly; it is used to bind to the LDAP server.
• Login User Name: If you choose Give Login Name or Location in Tree or Give Bind Distinguished Name as the login method, enter the user distinguished name of the account that can log in to the LDAP server.
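The settings above (port 389 or 636, the server timeout with its retry, and an anonymous bind versus a bind with an explicit distinguished name) can be checked against the directory before they are entered on the appliance. The following added example is not Cisco's code; it builds and parses LDAPv3 simple-bind messages with a minimal BER encoder (the byte values shown in the comments are constructed for the test) and reproduces the appliance's wait-then-retry behaviour, so an administrator can confirm which login method the server accepts and that the timeout is adequate.

```python
import socket, ssl

def _ber(tag, payload):
    """Minimal BER TLV encoder (short- and long-form lengths)."""
    n = len(payload)
    lb = n.to_bytes((n.bit_length() + 7) // 8 or 1, "big")
    length = bytes([n]) if n < 0x80 else bytes([0x80 | len(lb)]) + lb
    return bytes([tag]) + length + payload

def bind_request(msg_id, bind_dn="", password=""):
    """LDAPv3 simple BindRequest; empty DN and password = anonymous bind."""
    body = (_ber(0x02, bytes([3]))            # version 3
            + _ber(0x04, bind_dn.encode())    # name: the bind distinguished name
            + _ber(0x80, password.encode()))  # simple authentication, context tag 0
    return _ber(0x30, _ber(0x02, bytes([msg_id])) + _ber(0x60, body))

def _tlv(buf, i):  # -> (tag, value_start, value_end) of the BER element at buf[i]
    tag, n, i = buf[i], buf[i + 1], i + 2
    if n & 0x80:                              # long-form length
        k = n & 0x7F
        n, i = int.from_bytes(buf[i:i + k], "big"), i + k
    return tag, i, i + n

def bind_result_code(response):
    """resultCode of a BindResponse: 0 = success, 49 = invalidCredentials."""
    tag, i, _ = _tlv(response, 0)             # LDAPMessage SEQUENCE
    _, _, i = _tlv(response, i)               # skip messageID
    app, i, _ = _tlv(response, i)             # [APPLICATION 1] BindResponse = 0x61
    if tag != 0x30 or app != 0x61:
        raise ValueError("not an LDAP BindResponse")
    _, i, end = _tlv(response, i)             # resultCode ENUMERATED
    return int.from_bytes(response[i:end], "big")

def ldap_bind(host, port=389, bind_dn="", password="", timeout=5.0, retries=1, use_tls=False):
    """Bind as the appliance does: wait `timeout` seconds per attempt, retry on silence.
    Returns the resultCode, or None if every attempt timed out. use_tls is for LDAPS (636)."""
    for _ in range(retries + 1):
        sock = None
        try:
            sock = socket.create_connection((host, port), timeout=timeout)
            if use_tls:
                sock = ssl.create_default_context().wrap_socket(sock, server_hostname=host)
            sock.sendall(bind_request(1, bind_dn, password))
            return bind_result_code(sock.recv(4096))
        except (socket.timeout, TimeoutError):
            continue                          # no response before the timeout: retry
        finally:
            if sock:
                sock.close()
    return None
```

A result of 0 means the server accepted the login method; 49 means the bind DN or password is wrong, and None means the server never answered within the configured timeout and retry.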