Authentication Overview - Cisco 4700M Configuration Manual

Chapter 2 Configuring Authentication and Accounting Services
AAA Overview
The LDAP client (the ACE) requests user authentication with the LDAP server
and retrieves the user profile by requesting a search through the directory database
maintained by the server. The LDAP server maintains a directory of entries, which
are arranged into a hierarchical structure called the Directory Information Tree
(DIT).
The LDAP client performs operations on the directory data. LDAP allows you to
search the directory for data that meets the arbitrary user-specified criteria. You
can specify which part of the directory to search and what information to return.
A search filter that uses Boolean conditions specifies the directory data that
matches the search.
The ACE does not support update, compare, and cancel operations with the LDAP
Note
server. In addition, the ACE does not support an unsolicited notification from the
LDAP server. Supported messages include bindRequest, bindResponse,
unbindRequest, searchRequest, searchResEntry, and searchResDone.

Authentication Overview

Authentication allows you to control user access to the ACE CLI by requiring
specification of a valid username and password. You can access the ACE CLI
through the console port or by a Telnet or SSH session. For each management
access path to the ACE, you can configure one or more of the following security
control options: local database, remote (RADIUS, TACACS+, or LDAP), or no
password verification.
The host is prompted by the ACE to provide a valid username and password. After
the designated RADIUS, TACACS+, or LDAP server authenticates the username
and password, the ACE provides access rights to the user.
Cisco 4700 Series Application Control Engine Appliance Security Configuration Guide
2-7
OL-16202-01