6-13
Configuration Guide for Cisco Secure ACS 4.2
OL-14390-02
Chapter 6 Agentless Host Support Configuration Scenario
Basic Configuration Steps for Agentless Host Support
Table 6-1 describes the attributes of the sample LDAP groups.
Create One or More LDAP Database Configurations in ACS
After you have configured one or more LDAP databases to support MAB, configure ACS to query the
LDAP databases.
The settings in the following procedure are based on the LDAP schema described in the previous section,
Configure an External LDAP Database for MAB Support, page 6-10. For your ACS installation,
configure ACS based on the schema that you set up for your network.
To create an LDAP configuration in ACS:
Step 1 In the navigation bar, click External User Databases.
The External User Databases page opens.
Step 2 Click Database Configuration.
The External User Database Configuration page opens.
Step 3 Click Generic LDAP.
The Database Configuration Creation table appears. If an LDAP configuration exists, the External User
Database Configuration table also appears.
Step 4 Do one of the following. If:
• There are no existing LDAP database configurations, click Create New Configuration.
• The External User Database table appears, click Configure.
Step 5 If you are creating a new LDAP configuration, enter the name of the new configuration for generic LDAP
and then click Submit.
Step 6 Click Configure.
The Generic LDAP Configuration page appears and contains four sections:
• Domain Filtering—Use to configure domain filtering, which is an optional configuration setting.
Table 6-1 Attributes in LDAP User Groups for Agentless Host Support

Attribute Name   Description
objectClass      The value in the example indicates that this is a “group of
                 unique names.” The value that you specify here must match the
                 name that you specify in the Group Object Class text box when
                 you specify the Common LDAP configuration during ACS LDAP
                 configuration.
                 For information on configuring LDAP, see Configure an External
                 LDAP Database for MAB Support, page 6-10.
uniqueMember     The value in the example is uniqueMember. One or more
                 uniqueMember entries are used to specify one or more device
                 type records that have been set up in the LDAP schema to
                 define agentless hosts with specified MAC addresses. The
                 objectClass field in the LDAP user group shown in the previous
                 code sample includes user00, user77a, and user88.
                 The name that you give to this field in your LDAP schema must
                 match the value that you enter in the Group Attribute Name
                 text box when you specify the common LDAP configuration
                 during ACS LDAP configuration.
                 For information on configuring LDAP, see Configure an External
                 LDAP Database for MAB Support, page 6-10.
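The match requirement in Table 6-1, as an added example that is not part of the Cisco guide: a Python check that exported LDIF group entries carry the object class and member attribute you intend to enter in the Group Object Class and Group Attribute Name text boxes. The DNs, the group01 entry, and the function names are constructed for illustration; only user00, user77a, and user88 come from the page.

```python
# Constructed sample data: the DNs and the group01 entry are invented for this example.
SAMPLE_LDIF = """\
dn: cn=group00,ou=groups,dc=example,dc=com
objectClass: groupOfUniqueNames
uniqueMember: cn=user00,ou=hosts,dc=example,dc=com
uniqueMember: cn=user77a,ou=hosts,
 dc=example,dc=com
uniqueMember: cn=user88,ou=hosts,dc=example,dc=com

dn: cn=group01,ou=groups,dc=example,dc=com
objectClass: groupOfNames
member: cn=user00,ou=hosts,dc=example,dc=com
"""

def parse_ldif(text):
    """Parse LDIF into a list of {lowercased attribute: [values]} dicts.
    Folded lines are joined; base64 ("attr::") values are not decoded."""
    logical = []
    for raw in text.splitlines():
        if raw.startswith(" ") and logical and logical[-1]:  # folded continuation
            logical[-1] += raw[1:]
        else:
            logical.append(raw)
    entries, current = [], {}
    for line in logical + [""]:            # trailing "" flushes the last entry
        attr, sep, value = line.partition(":")
        if not line.strip():               # blank line ends an entry
            if current:
                entries.append(current)
            current = {}
        elif sep and not line.startswith("#"):
            current.setdefault(attr.strip().lower(), []).append(value.strip())
    return entries

def check_groups(entries, group_object_class, group_attribute_name):
    """Map each entry DN to its mismatches against the two ACS text-box values.
    LDAP object class and attribute names compare case-insensitively."""
    report = {}
    for entry in entries:
        problems = []
        classes = [c.lower() for c in entry.get("objectclass", [])]
        if group_object_class.lower() not in classes:
            problems.append("objectClass does not include " + group_object_class)
        if not entry.get(group_attribute_name.lower()):
            problems.append("no " + group_attribute_name + " values")
        report[entry["dn"][0]] = problems
    return report

if __name__ == "__main__":
    print(check_groups(parse_ldif(SAMPLE_LDIF), "groupOfUniqueNames", "uniqueMember"))
```

An empty problem list for a DN means the entry agrees with both text-box values; group01 in the constructed data is reported with two mismatches.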