
LDAP Configuration

LDAP configuration specifies how to connect to LDAP, what is the base Distinguished Name (DN) to use, what is the attribute that corresponds to username, and what attributes to fetch for each username. LDAP attributes are properties of LDAP that are specific to that environment.

Given the configuration of how to connect to LDAP and the base DN, it is possible to discover the attributes of users in LDAP. These discovered attributes are then presented to the user in the UI. From the discovered attributes, the user selects the attribute that corresponds to the username and a list of up to six attributes to collect for each username from LDAP. This eliminates manual configuration of the LDAP attributes and reduces errors.

Here are the detailed steps for creating LDAP configuration through discovery.

Procedure

Step 1: Start the LDAP Configuration

Initiate an LDAP configuration for the connector.

Figure 1: Start the LDAP Configuration Discovery
Step 2: Provide Basic LDAP Configuration

Specify the basic configuration for connecting to LDAP. In this configuration, the user provides the LDAP Bind DN or username used to connect to the LDAP server, the LDAP password for that account, the LDAP server address, the LDAP server port, the Base DN to search from, and a filter string so that only users matching this filter are fetched.

| Parameter Name | Type | Description |
| --- | --- | --- |
| LDAP Username | string | LDAP username or bind DN to access LDAP server * |
| LDAP Password | string | LDAP password for the username to access LDAP server * |
| LDAP Server | string | LDAP server address |
| LDAP Port | number | LDAP server port |
| Use SSL | checkbox | Should the connector connect to LDAP securely? Optional. Default is false. |
| Verify SSL | checkbox | Should the connector verify the LDAP server certificate? Optional. Default is false. |
| LDAP Server CA Cert | string | Server CA certificate. Optional. |
| LDAP Server Name | string | Server name for which the LDAP certificate is issued (mandatory if Verify SSL is checked). |
| LDAP Base DN | string | LDAP base DN, the starting point for directory searches in LDAP |
| LDAP Filter String | string | LDAP filter prefix string. Only search results that match this condition are returned. |
| Snapshot Sync Interval (in hours) | number | Time interval in hours at which the LDAP snapshot is (re)created. Optional. Default is 24 hours. |
| Use Proxy to reach LDAP | checkbox | Should the connector use a proxy server to access the LDAP server? |
| Proxy Server to reach LDAP | string | Proxy server to access LDAP |

The minimum user permission needed to configure LDAP on connectors is a standard domain user.

Figure 2: Initial LDAP configuration
Step 3: Discovery in Progress

Once the user clicks Next, this configuration is sent to the connector. The connector establishes a connection with the LDAP server using the given configuration. It fetches up to 1000 users from the LDAP server and identifies all of their attributes. It then computes the list of single-valued attributes that are common across all 1000 users. The connector returns this result to Secure Workload.

Figure 3: Discovery in Progress
Step 4: Enhance the Configuration with Discovered Attributes

The user picks which attribute corresponds to the username and selects up to six attributes that the connector has to fetch and snapshot for each user in the organization (that is, users matching the filter string). Both selections are made from a dropdown list of the discovered attributes, which eliminates manual errors and misconfiguration.

| Parameter Name | Type | Description |
| --- | --- | --- |
| LDAP Username Attribute | string | LDAP attribute that contains the username |
| LDAP Attributes to Fetch | list of strings | List of LDAP attributes that should be fetched for a user |

Figure 4: Discover LDAP Attributes
Figure 5: Identify username attribute and attributes to collect for each username
Step 5: Finalize, Save, and Apply the Configuration

Finally, the configuration is completed by clicking Save and Apply Changes.

Figure 6: Complete LDAP Configuration Discovery and Commit

The connector receives the completed configuration. It creates a local snapshot of all users matching the filter string and fetches only the selected attributes. Once the snapshot is completed, the connector services can start using the snapshot for annotating users and their LDAP attributes in inventories.
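As an added illustration that is not Secure Workload's own code, the following Python models the connector-side logic of the procedure above over constructed sample entries, with no network access: the Step 2 consistency checks implied by the parameter table (Verify SSL requires a server name, Use Proxy requires a proxy server), the Step 3 discovery of attributes that are single-valued and common to every sampled user, the Step 4 validation of the username attribute and the up-to-six attributes to fetch, and the Step 5 snapshot keyed by username that holds only the selected attributes. The function names, the configuration keys and the sample entries are assumptions made for this example; the real connector obtains the entries from an LDAP search.

```python
# Added example, not Secure Workload's own code: models the connector-side
# discovery and snapshot steps over constructed LDAP entries (no network).
from typing import Dict, List

# Limits taken from the procedure text above.
DISCOVERY_SAMPLE_LIMIT = 1000   # users fetched for attribute discovery
MAX_ATTRIBUTES_TO_FETCH = 6     # attributes the user may select per username

# Constructed sample entries in the shape an LDAP search returns them:
# attribute name -> list of values (multi-valued attributes have several).
SAMPLE_USERS: List[Dict[str, List[str]]] = [
    {"sAMAccountName": ["alice"], "mail": ["alice@example.test"],
     "department": ["Engineering"], "title": ["Engineer"],
     "memberOf": ["cn=dev,ou=groups,dc=example,dc=test",
                  "cn=vpn,ou=groups,dc=example,dc=test"]},
    {"sAMAccountName": ["bob"], "mail": ["bob@example.test"],
     "department": ["Finance"], "title": ["Analyst"],
     "memberOf": ["cn=fin,ou=groups,dc=example,dc=test"]},
    # carol has no title, so "title" is not common to every sampled user
    {"sAMAccountName": ["carol"], "mail": ["carol@example.test"],
     "department": ["Engineering"],
     "memberOf": ["cn=dev,ou=groups,dc=example,dc=test"]},
]


def validate_basic_config(cfg: Dict[str, object]) -> bool:
    """Step 2 checks implied by the parameter table (keys are assumed names):
    a verified TLS connection needs the server name the certificate was issued
    for, and a proxied connection needs a proxy server address."""
    if cfg.get("verify_ssl") and not cfg.get("server_name"):
        raise ValueError("LDAP Server Name is mandatory when Verify SSL is checked")
    if cfg.get("use_proxy") and not cfg.get("proxy_server"):
        raise ValueError("Proxy Server is required when Use Proxy is checked")
    return True


def discover_common_single_valued(users: List[Dict[str, List[str]]]) -> List[str]:
    """Step 3: attributes that every sampled user carries with exactly one value.
    Multi-valued attributes (such as memberOf) and attributes missing on any
    sampled user are excluded."""
    sample = users[:DISCOVERY_SAMPLE_LIMIT]
    common = None
    for entry in sample:
        single = {name for name, values in entry.items() if len(values) == 1}
        common = single if common is None else common & single
    return sorted(common or [])


def validate_selection(discovered: List[str], username_attr: str,
                       attrs_to_fetch: List[str]) -> bool:
    """Step 4: the username attribute and the attributes to fetch must come
    from the discovered list, and at most six attributes may be selected."""
    if username_attr not in discovered:
        raise ValueError(f"username attribute {username_attr!r} was not discovered")
    if len(attrs_to_fetch) > MAX_ATTRIBUTES_TO_FETCH:
        raise ValueError("at most six attributes can be fetched per user")
    unknown = [a for a in attrs_to_fetch if a not in discovered]
    if unknown:
        raise ValueError(f"attributes not discovered: {unknown}")
    return True


def build_snapshot(users: List[Dict[str, List[str]]], username_attr: str,
                   attrs_to_fetch: List[str]) -> Dict[str, Dict[str, str]]:
    """Step 5: local snapshot keyed by username, storing only the selected
    attributes (what the connector later uses to annotate inventory)."""
    snapshot: Dict[str, Dict[str, str]] = {}
    for entry in users:
        username = entry[username_attr][0]
        snapshot[username] = {a: entry[a][0] for a in attrs_to_fetch if a in entry}
    return snapshot


if __name__ == "__main__":
    validate_basic_config({"use_ssl": True, "verify_ssl": True,
                           "server_name": "ldap.example.test"})
    discovered = discover_common_single_valued(SAMPLE_USERS)
    print("discovered:", discovered)
    validate_selection(discovered, "sAMAccountName", ["mail", "department"])
    print(build_snapshot(SAMPLE_USERS, "sAMAccountName", ["mail", "department"]))
```

Running the block prints the discovered list and the snapshot. Note that discovery deliberately drops memberOf, which is multi-valued on one user, and title, which one user lacks, so only attributes safe to store as a single value per username are offered in the dropdown.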

Allowed Secure Workload virtual appliances: None

Allowed connectors: AnyConnect, ISE, and F5.

LDAP configuration has been migrated to Identity Connector.