Filter
Top Products
6-14
Configuration Guide for Cisco Secure ACS 4.2
OL-14390-02
Chapter 6 Agentless Host Support Configuration Scenario
Basic Configuration Steps for Agentless Host Support
• Common LDAP Configuration—Configure the settings in this section to specify how ACS queries
the LDAP database.
• Primary LDAP Server—Configure the settings in this section to specify the primary LDAP server.
• Secondary LDAP Server—Configure the settings in this section if you are setting up LDAP
failback.
Step 7 If you want to set up Domain Filtering, refer to the “Configuring a Generic LDAP External User
Database” section in Chapter 12 of the User Guide for Cisco Secure Access Server 4.2.
Step 8 Specify the common LDAP configuration
Figure 6-6 shows the Common LDAP Configuration section.
Figure 6-6 Common LDAP Configuration Section
You must specify:
• User Directory Subtree—Enter the distinguished name (DN) of the user directory subtree that
contains all users. In MAB configuration, the users are, in effect, host devices.
In the LDAP schema shown in Example 6-1, the DN of the User Directory Subtree is ou=MAC
Addresses, ou=MAB Segment, o=mycorp.
• Group Directory Subtree—Enter the DN for the group directory subtree that contains all user
groups as defined in your LDAP schema. In MAB configuration, the members of user groups are
actually groups of MAC addresses.
In the LDAP schema shown in Example 6-1, the DN of the group directory subtree is ou=MAC
Groups, ou=MAB Segment, o=cisco.
• UserObjectType— Enter the name of the user object type that is defined in your LDAP schema. In
the LDAP schema shown in
Example 6-1, the user object type is specified as macAddress.