Cisco Systems 4.2 Server User Manual
3-14
Configuration Guide for Cisco Secure ACS 4.2
OL-14390-02
Chapter 3 Configuring New Features in ACS 4.2
RSA Support on the ACS SE
Note The X box cannot contain the following special characters: the pound sign (#), the question
mark (?), the quote ("), the asterisk (*), the right angle bracket (>), and the left angle bracket
(<). ACS does not allow these characters in usernames. If the X box contains any of these
characters, stripping fails.
Step 10 Under Common LDAP Configuration, in the User Directory Subtree box, type the DN of the tree
containing all your users.
Step 11 In the Group Directory Subtree box, type the DN of the subtree containing all your groups.
Step 12 In the User Object Type box, type the name of the attribute in the user record that contains the username.
You can obtain this attribute name from your Directory Server. For more information, refer to your
LDAP database documentation.
Note The default values in the UserObjectType and following fields reflect the default configuration
of the Netscape Directory Server. Confirm all values for these fields with your LDAP server
configuration and documentation.
Step 13 In the User Object Class box, type the value of the LDAP objectType attribute that identifies the record
as a user. Often, user records have several values for the objectType attribute, some of which are unique
to the user, while others are shared with other object types. Choose a value that is not shared.
Step 14 In the GroupObjectType box, type the name of the attribute in the group record that contains the group
name.
Step 15 In the GroupObjectClass box, type a value for the LDAP objectType attribute in the group record that
identifies the record as a group.
Step 16 In the GroupAttributeName box, type the name of the attribute of the group record that contains the list
of user records who are a member of that group.
Step 17 In the Server Timeout box, type the number of seconds that ACS waits for a response from an LDAP
server before determining that the connection with that server has failed.
Step 18 To enable failover of LDAP authentication attempts, check the On Timeout Use Secondary check box.
Step 19 In the Failback Retry Delay box, type the number of minutes after the primary LDAP server fails to
authenticate a user that ACS resumes sending authentication requests to the primary LDAP server first.
Note To specify that ACS should always use the primary LDAP server first, type zero (0) in the
Failback Retry Delay box.
Step 20 In the Max. Admin Connection box, enter the maximum number of concurrent connections that ACS opens
with LDAP administrator account permissions.
Step 21 For the Primary LDAP Server and Secondary LDAP Server tables:
Note If you did not check the On Timeout Use Secondary check box, you do not need to complete
the options in the Secondary LDAP Server table.
a. In the Hostname box, type the name or IP address of the server that is running the LDAP software.
If you are using DNS on your network, you can type the hostname instead of the IP address.
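The settings in Steps 10 through 21 are easier to reason about when you see how they drive a lookup. The following Python model is an added example for this guide, not Cisco ACS code: it uses a constructed in-memory directory with Netscape-style attribute names (uid, cn, uniqueMember, inetOrgPerson, groupOfUniqueNames; all assumptions, not values from this page) to show how the user and group subtrees, object types, object classes and group attribute name select a user and its groups, how the On Timeout Use Secondary and Failback Retry Delay settings decide which server is tried first, and the separator check from the Note above Step 10.

```python
"""Model of how the ACS LDAP settings (Steps 10-21) drive a user lookup,
a group-membership check and primary/secondary failover.
Constructed example, not Cisco ACS code; directory entries and attribute
names below are assumptions."""
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed directory: DN -> attributes (keys lowercased, values multi-valued).
DIRECTORY: Dict[str, Dict[str, List[str]]] = {
    "uid=jsmith,ou=people,dc=example,dc=com": {
        "objectclass": ["top", "person", "inetOrgPerson"],
        "uid": ["jsmith"],
    },
    # Looks like a user but sits outside the User Directory Subtree.
    "uid=svc-backup,ou=services,dc=example,dc=com": {
        "objectclass": ["top", "person", "inetOrgPerson"],
        "uid": ["svc-backup"],
    },
    "cn=vpn-users,ou=groups,dc=example,dc=com": {
        "objectclass": ["top", "groupOfUniqueNames"],
        "cn": ["vpn-users"],
        "uniquemember": ["uid=jsmith,ou=people,dc=example,dc=com"],
    },
    "cn=netadmins,ou=groups,dc=example,dc=com": {
        "objectclass": ["top", "groupOfUniqueNames"],
        "cn": ["netadmins"],
        "uniquemember": ["uid=svc-backup,ou=services,dc=example,dc=com"],
    },
}

@dataclass
class LdapConfig:
    user_directory_subtree: str   # Step 10
    group_directory_subtree: str  # Step 11
    user_object_type: str         # Step 12: attribute holding the username
    user_object_class: str        # Step 13: objectType value unique to users
    group_object_type: str        # Step 14: attribute holding the group name
    group_object_class: str       # Step 15: objectType value identifying groups
    group_attribute_name: str     # Step 16: attribute listing member DNs

def _in_subtree(dn: str, subtree: str) -> bool:
    # Case-insensitive suffix match; real servers normalise DNs more carefully.
    return dn.lower().endswith(subtree.lower())

def find_user_dn(cfg: LdapConfig, username: str) -> Optional[str]:
    """DN of the entry under the user subtree that carries the user object class
    and whose user-object-type attribute equals username, else None."""
    for dn, attrs in DIRECTORY.items():
        if not _in_subtree(dn, cfg.user_directory_subtree):
            continue
        if cfg.user_object_class not in attrs.get("objectclass", []):
            continue
        if username in attrs.get(cfg.user_object_type.lower(), []):
            return dn
    return None

def groups_for_user(cfg: LdapConfig, username: str) -> List[str]:
    """Names of the groups under the group subtree whose membership attribute
    lists the user's DN (empty if the user is not found)."""
    user_dn = find_user_dn(cfg, username)
    if user_dn is None:
        return []
    names: List[str] = []
    for dn, attrs in DIRECTORY.items():
        if not _in_subtree(dn, cfg.group_directory_subtree):
            continue
        if cfg.group_object_class not in attrs.get("objectclass", []):
            continue
        members = [m.lower() for m in attrs.get(cfg.group_attribute_name.lower(), [])]
        if user_dn.lower() in members:
            names.extend(attrs.get(cfg.group_object_type.lower(), []))
    return sorted(names)

class FailoverPolicy:
    """Server selection per Steps 17-19: after the primary times out, requests
    go to the secondary until failback_retry_delay minutes have elapsed;
    a delay of 0 (or failover disabled) means the primary is always tried first."""
    def __init__(self, failback_retry_delay_minutes: int, use_secondary_on_timeout: bool):
        self.delay = failback_retry_delay_minutes
        self.use_secondary = use_secondary_on_timeout
        self.primary_failed_at: Optional[float] = None  # minutes on a monotonic clock

    def record_primary_timeout(self, now_minutes: float) -> None:
        self.primary_failed_at = now_minutes

    def server_to_try_first(self, now_minutes: float) -> str:
        if not self.use_secondary or self.primary_failed_at is None or self.delay == 0:
            return "primary"
        if now_minutes - self.primary_failed_at < self.delay:
            return "secondary"
        self.primary_failed_at = None  # delay elapsed: fail back to the primary
        return "primary"

# Characters the Note above Step 10 forbids in the strip-separator ("X") box.
FORBIDDEN_IN_STRIP_BOX = set('#?"*><')

def strip_separator_is_valid(separator: str) -> bool:
    """True when the separator contains none of the characters ACS rejects in usernames."""
    return not (set(separator) & FORBIDDEN_IN_STRIP_BOX)
```

The point to take from running it: svc-backup carries the user object class but lives outside the User Directory Subtree, so it is never found and the netadmins group is never returned for it. The subtree settings are part of the access decision, not just a search optimisation, so confirm them against the directory layout rather than accepting the Netscape defaults.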