Support User Manuals

Cisco Systems 4.2 Server User Manual

Open as PDF

of 214

6-13

Configuration Guide for Cisco Secure ACS 4.2

OL-14390-02

Chapter 6 Agentless Host Support Configuration Scenario

Basic Configuration Steps for Agentless Host Support

Table 6-1 describes the attributes of the sample LDAP groups.

Create One or More LDAP Database Configurations in ACS

After you have configured one or more LDAP databases to support MAB, configure ACS to query the

LDAP databases.

The settings in the following procedure are based on the LDAP schema described in the previous section,

Configure an External LDAP Database for MAB Support, page 6-10. For your ACS installation,

configure ACS based on the schema that you set up for your network.

To create a LDAP configuration in ACS:

Step 1 In the navigation bar, click External User Databases.

The External User Databases page opens.

Step 2 Click Database Configuration.

The External User Database Configuration page opens.

Step 3 Click Generic LDAP.

The Database Configuration Creation table appears. If an LDAP configuration exists, the External User

Database Configuration table also appears.

Step 4 Do one of the following. If:

• There are no existing LDAP database configurations, click Create New Configuration.

• The External User Database table appears, click Configure.

Step 5 If you are creating a new LDAP configuration, enter the name of the new configuration for generic LDAP

and then click Submit.

Step 6 Click Configure.

The Generic LDAP Configuration page appears and contains four sections:

• Domain Filtering—Use to configure domain filtering, which is an optional configuration setting.

Ta b l e 6-1 Attributes in LDAP User Groups for Agentless Host Support

Attribute Name Description

objectClass The value in the example indicates that this is a “group of unique names.” The value that you

specify here must match the name that you specify in the Group Object Class text box when

you specify the Common LDAP configuration during ACS LDAP configuration.

For information on configuring LDAP, see Configure an External LDAP Database for MAB

Support, page 6-10.

uniqueMember The value in the example is uniqueMember. One or more uniqueMember entries are used to

specify one or more device type records that have been set up in the LDAP schema to define

agentless hosts with specified MAC addresses. The objectClass field in the LDAP user group

shown in the previous code sample includes user00, user77a, and user88.

The name that you give to this field in your LDAP schema must match the value that you

enter in the Group Attribute Name text box when you specify the common LDAP

configuration during ACS LD configuration.

For information on configuring LDAP, see Configure an External LDAP Database for MAB

Support, page 6-10.

previous next