Table of Contents
Advertisement
Chapter 11
Working with User Databases
Step 9
To enable Cisco Secure ACS to direct LDAP authentications by filtering on the
end of a username, follow these steps:
a.
b.
c.
d.
In the User Directory Subtree box, type the following:
Step 10
o=
where subtree is the tree in which all of your users are located. This is configured
when you set up your LDAP database. For more information, refer to your LDAP
database documentation.
Note
Step 11
In the Group Directory Subtree box, type the following:
o=
where subtree is the tree in which all of your groups are located. This can be the
same location as the user subtree, entered in the User Directory Subtree box. This
is configured when you set up your LDAP database. For more information, refer
to your LDAP database documentation.
78-13751-01, Version 3.0
From the Filter Domains list, select Suffix.
In the Domain Markup box, type the string of characters that a username must
end with in order for Cisco Secure ACS to use this LDAP configuration for
authentication.
For example, if users to be authenticated by this LDAP configuration submit
a username that ends with "@mydomain.com", such as
stanley@mydomain.com or mwiliams@mydomain.com, in the Domain
Markup box, type @mydomain.com.
To remove from the end of the username the characters defined in the Domain
Markup box before submitting it to the LDAP database, select the Strip
Markup check box.
To pass the username to the LDAP database without removing the characters
defined in Domain Markup, clear the Strip Markup check box.
subtree
Your users could be located under an organizational unit rather than
an organization. If this is the case, type ou= subtree in the User
Directory Subtree.
subtree
Cisco Secure ACS 3.0 for Windows 2000/NT Servers User Guide
Generic LDAP
11-21
Advertisement
Table of Contents
Troubleshooting
