11-19
Cisco Secure ACS 3.0 for Windows 2000/NT Servers User Guide
78-13751-01, Version 3.0
Chapter 11 Working with User Databases
Generic LDAP
If fewer minutes have passed than the value specified in the Failback Retry Delay
box, Cisco Secure ACS attempts to connect to the secondary LDAP server first.
If Cisco Secure ACS cannot connect to the secondary LDAP server, it then
attempts to connect to the primary LDAP server.
If Cisco Secure ACS cannot connect to either LDAP server, Cisco Secure ACS
stops attempting LDAP authentication for the user. If the user is an unknown user,
Cisco Secure ACS tries the next external user database listed in the Unknown
User Policy list. For more information about the Unknown User Policy list, see
the “Unknown User Processing” section on page 12-1.
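The connection order and fall-through described above can be modelled in a few lines of Python, which helps when reasoning about which server or database handles a request during an outage. This is an added illustration, not Cisco Secure ACS code; the primary-first branch, the `last_primary_failure` bookkeeping, the names `LdapFailover` and `route`, and the policy-list entries are assumptions.

```python
from dataclasses import dataclass
from typing import Callable, List, Optional


@dataclass
class LdapFailover:
    """Illustrative model of the ordering rule above; not Cisco Secure ACS code."""
    failback_retry_delay: float                   # minutes, the Failback Retry Delay box
    last_primary_failure: Optional[float] = None  # minute of last failed primary connect (assumed state)

    def order(self, now: float) -> List[str]:
        # Stated on the page: fewer minutes elapsed than the delay -> secondary first.
        if (self.last_primary_failure is not None
                and now - self.last_primary_failure < self.failback_retry_delay):
            return ["secondary", "primary"]
        # Assumption: in every other case the primary is tried first.
        return ["primary", "secondary"]

    def connect(self, now: float, reachable: Callable[[str], bool]) -> Optional[str]:
        """Return the server that accepted the connection, or None if neither did."""
        for server in self.order(now):
            if reachable(server):
                return server
            if server == "primary":
                self.last_primary_failure = now   # assumed: a new failure restarts the window
        return None


def route(failover, now, reachable, unknown_user, policy_list, ldap_name="LDAP"):
    """Return the name of whatever ends up handling the request, or None."""
    server = failover.connect(now, reachable)
    if server is not None:
        return f"{ldap_name}:{server}"
    if unknown_user and ldap_name in policy_list:
        # Unknown users move on to the next database in the Unknown User Policy list.
        following = policy_list[policy_list.index(ldap_name) + 1:]
        return following[0] if following else None
    return None   # LDAP authentication stops for this user
```
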
Configuring a Generic LDAP External User Database
Creating a generic LDAP configuration provides Cisco Secure ACS with information
that enables it to pass authentication requests to an LDAP database. This
information reflects the way you have implemented your LDAP database and does
not dictate how your LDAP database is configured or functions. For information
about your LDAP database, refer to your LDAP documentation.
To configure Cisco Secure ACS to use the LDAP User Database, follow these
steps:
Step 1 In the navigation bar, click External User Databases.
Step 2 Click Database Configuration.
Result: Cisco Secure ACS displays a list of all possible external user database
types.
Step 3 Click Generic LDAP.
Note The user authenticates against only one LDAP database.
Result: If no LDAP database configuration exists, only the Database
Configuration Creation table appears. Otherwise, in addition to the Database
Configuration Creation table, the External User Database Configuration table
appears.