Cisco Systems 4.2 Server User Manual


 
Configuration Guide for Cisco Secure ACS 4.2
OL-14390-02
Chapter 4 Using RDBMS Synchronization to Create dACLs and Specify Network Configuration
Using RDBMS Synchronization to Configure dACLs
Table 4-2 describes the accountActions codes used in Example 4-2 to add a User, create a dACL, and
associate the dACL with a specified User or Group.
Step 4: Configure RDBMS Synchronization to Use a Local CSV File
To configure RDBMS Synchronization to use a local CSV file:
Step 1 In the navigation bar, click System Configuration.
Step 2 Click RDBMS Synchronization.
Note: If this feature does not appear, choose Interface Configuration > Advanced Options, then check the RDBMS Synchronization check box.
The RDBMS Synchronization Setup page appears.
Step 3 If you are using ACS for Windows, complete these steps:
a. Complete the required fields on the RDBMS Synchronization Setup page (Figure 4-1).
Table 4-2 Account Action Codes to Create dACLs and Assign Them to Specified Users or Groups

Action Code  Name              Required    Description
100          ADD_USER          UN|GN, V1   Creates a User (32 characters maximum). The variable V1 is
                                           used as the initial password. Optionally, you can assign
                                           the User to a Group.
385          CREATE_DACL       VN          Use this action code to create a dACL.
                                           VN = <input_file_name>
                                           where input_file_name is a text file that contains
                                           definitions for dACLs.
                                           On ACS for Windows, this file resides in a directory on
                                           the Windows machine that is running ACS.
                                           On the ACS SE, this file resides on an FTP server used
                                           with the ACS SE.
                                           You can specify the absolute file path; for example:
                                           C:\DACL\create_DACL_for_User_1.txt for ACS for Windows.
                                           The dACL definition is ignored if it is already present,
                                           or contains an invalid definition, content name, content
                                           definition, or NAF name.
380          CREATE_USER_DACL  UN|GN, VN   This action code associates a specified dACL with a User
                                           or Group. The dACL name specified should be valid and
                                           present in ACS. The codes are:
                                           UN = valid Username
                                           GN = Valid Group name (optional)
                                           VN = dACL name. (This dACL must be defined in Shared
                                           Profile Components).
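
The following pre-import check is an added example, not part of the Cisco guide: it lints a CSV of account actions against the Required column of Table 4-2 before the file is handed to RDBMS Synchronization. The column headers (Action, UN, GN, VN, V1) reuse the table's mnemonics and are an assumption, since the real accountActions file layout is not shown on this page; reading "UN|GN" as "at least one of UN or GN" is also an assumption.

```python
import csv
import io

# Required fields per action code, as listed in Table 4-2.
# "UN|GN" is read here as "at least one of UN or GN" (an assumption).
RULES = {
    "100": {"name": "ADD_USER", "any_of": ("UN", "GN"), "all_of": ("V1",)},
    "385": {"name": "CREATE_DACL", "any_of": (), "all_of": ("VN",)},
    "380": {"name": "CREATE_USER_DACL", "any_of": ("UN", "GN"), "all_of": ("VN",)},
}
MAX_USER_LEN = 32  # Table 4-2: "32 characters maximum"


def lint_account_actions(text):
    """Return a list of (row_number, message) findings for a CSV string."""
    findings = []
    for n, raw in enumerate(csv.DictReader(io.StringIO(text)), start=1):
        # Normalise short rows (missing cells come back as None).
        row = {k: (v or "").strip() for k, v in raw.items() if k}
        rule = RULES.get(row.get("Action", ""))
        if rule is None:
            findings.append((n, "action code not covered by Table 4-2"))
            continue
        for field in rule["all_of"]:
            if not row.get(field):
                findings.append((n, f"{rule['name']}: missing {field}"))
        if rule["any_of"] and not any(row.get(f) for f in rule["any_of"]):
            findings.append((n, f"{rule['name']}: needs UN or GN"))
        if len(row.get("UN", "")) > MAX_USER_LEN:
            findings.append((n, "UN longer than 32 characters"))
        if rule["name"] == "ADD_USER" and row.get("V1"):
            # V1 is the initial password, so the file itself is sensitive.
            findings.append((n, "V1 holds an initial password in clear text"))
    return findings


# Constructed sample input; column names are assumed, not ACS's real layout.
SAMPLE = (
    "Action,UN,GN,VN,V1\n"
    "100,User_1,Group 1,,ChangeMe-Placeholder\n"
    "385,,,C:\\DACL\\create_DACL_for_User_1.txt,\n"
    "380,User_1,,,\n"
    "100," + "x" * 33 + ",,,\n"
)

if __name__ == "__main__":
    for row_no, msg in lint_account_actions(SAMPLE):
        print(f"row {row_no}: {msg}")
```

Rows flagged for a clear-text V1 are a reminder to restrict access to the CSV file and its directory and to remove the file once synchronization has run.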