LDAP
Cisco Cyber Vision can delegate user authentication to external services using LDAP (Lightweight Directory Access Protocol), and in particular to Microsoft Active Directory services.
You can enable LDAP authentication in the LDAP Settings administration page.
Configuring LDAP:
LDAP integration can be done through normal connection or securely by using certificates depending on the installation compatibility.
Mapping Cisco Cyber Vision roles with Microsoft Active Directory groups:
User groups available in the external directory can be mapped to Cisco Cyber Vision Product, Operator and Auditor user roles or custom roles. Refer to Role Management to create custom roles.
Because the Admin user role is exclusively reserved for Cisco Cyber Vision internal usage, it cannot be mapped to any external users and thus is not proposed in LDAP settings.
Testing LDAP connection:
After setting up LDAP, the connection between the Cisco Cyber Vision Center and the external directory is to be tested. On the LDAP test connection window, you will use a user login and a password set in the external directory. The Center will attempt to authenticate on the directory server with these credentials. In return, you will get either a successful authentication, or a failed one with an error message.
Login in Cisco Cyber Vision:
When logging into Cisco Cyber Vision, the login format used will determine the base (i.e. internal or external) to be queried:
-
If you use an email, the Cisco Cyber Vision database is queried.
-
If you use the Active Directory format <domain_name>\<user_name> (e.g. cisco\john_doe), then the external directory is used to authenticate users.
Configure LDAP
This section explains how to configure LDAP in Cisco Cyber Vision using a normal connection or a secure connection.
Procedure
|
Step 1 |
In Cisco Cyber Vision, navigate to Admin > External Authentication > LDAP. |
|
Step 2 |
Click New Settings. The New LDAP Settings window pops up.  |
What to do next
Configure LDAP using a normal connection or a secure connection.
LDAP normal connection
After clicking the New Settings button, the following New LDAP Settings window pops up.
Before you begin
Procedure
|
Step 1 |
Fill in the LDAP settings.  |
||
|
Step 2 |
Click the Role Mapping tab. |
||
|
Step 3 |
Fill in the following fields:  |
||
|
Step 4 |
Click OK. |
||
|
Step 5 |
Click the Test connection button.  The Test Connection window pops up.  |
||
|
Step 6 |
Enter a user credentials to test the connection between Cisco Cyber Vision and Active Directory.
A message Successful LDPA bind should appear. |
||
|
Step 7 |
Click OK. |
||
|
Step 8 |
Test the connection by logging out of Cisco Cyber Vision and logging in with the mapped user credentials. |
Menus are displayed according to the rights granted to the user.
What to do next
LDAP secure connection
After clicking the New Settings button, the following New LDAP Settings window pops up.
Before you begin
Procedure
|
Step 1 |
Fill in the following fields: 
|
||
|
Step 2 |
Click OK. |
||
|
Step 3 |
Click the Role Mapping tab. |
||
|
Step 4 |
Fill in the following fields: |
||
|
Step 5 |
Click OK. |
||
|
Step 6 |
Click the Test connection button. The Test Connection window pops up. |
||
|
Step 7 |
Enter a user credentials to test the connection between Cisco Cyber Vision and Active Directory.
A message Successful LDPA bind should appear. |
||
|
Step 8 |
Click OK. |
||
|
Step 9 |
Test the connection by logging out of Cisco Cyber Vision and logging in with the mapped user credentials. |
Menus are displayed according to the rights granted to the user.
Feedback