Cisco Systems Servers Server User Manual


 
Chapter 11 Working with User Databases
Generic LDAP
11-22
Cisco Secure ACS 3.0 for Windows 2000/NT Servers User Guide
78-13751-01, Version 3.0
Note Your groups could be located under an organizational unit rather than
an organization. If this is the case, in the Group Directory Subtree,
type ou=subtree.
Step 12 In the User Object Type box, type the name of the attribute in the user record that
contains the user name. You can obtain this attribute name from your Directory
Server. For more information, refer to your LDAP database documentation.
Note The default values in the UserObjectType and following fields reflect
the default configuration of the Netscape Directory Server. Confirm
all values for these fields with your LDAP server's configuration and
documentation.
Step 13 In the User Object Class box, type the value of the LDAP objectType attribute
that identifies the record as a user. Often, user records have several values for the
objectType attribute, some of which are unique to the user, some of which are
shared with other object types. Select a value that is not shared.
Step 14 In the GroupObjectType box, type the name of the attribute in the group record
that contains the group name.
Step 15 In the GroupObjectClass box, type a value of the LDAP objectType attribute in
the group record that identifies the record as a group.
Step 16 In the GroupAttributeName box, type the name of the attribute of the group record
that contains the list of user records that are members of that group.
Step 17 In the Server Timeout box, type the number of seconds Cisco Secure ACS waits
for a response from an LDAP server before determining that the connection with
that server has failed.
Step 18 To enable failover of LDAP authentication attempts, select the On Timeout Use
Secondary check box. For more information about the LDAP failover feature, see
the LDAP Failover section on page 11-17.
Step 19 In the Failback Retry Delay box, type the number of minutes that
Cisco Secure ACS waits, after the primary LDAP server fails to authenticate a
user, before it resumes sending authentication requests to the primary LDAP server first.
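
The following is an added example, not part of the Cisco guide: a Python check of the values chosen in Steps 12 through 16 against a small directory export, which flags a User Object Class that is shared with group records (the case Step 13 warns about). The sample entries, the field values in GOOD, and the function names are constructed for illustration, and the record's object class is read from the standard LDAP objectclass attribute.

```python
# Constructed sample directory export (not from the manual).
SAMPLE_LDIF = """\
dn: uid=jdoe,ou=people,o=example
objectclass: top
objectclass: person
uid: jdoe

dn: cn=netadmins,ou=groups,o=example
objectclass: top
objectclass: groupofuniquenames
cn: netadmins
uniquemember: uid=jdoe,ou=people,o=example
"""

def parse_ldif(text):
    """Parse simple LDIF (no line folding, no base64) into attribute dicts."""
    entries = []
    for block in text.strip().split("\n\n"):
        entry = {}
        for line in block.splitlines():
            name, _, value = line.partition(": ")
            entry.setdefault(name.lower(), []).append(value)
        entries.append(entry)
    return entries

def check_mapping(entries, cfg):
    """Return the problems found with the Step 12-16 field values in cfg."""
    def has_class(entry, cls):
        return cls.lower() in (v.lower() for v in entry.get("objectclass", []))
    users = [e for e in entries if has_class(e, cfg["UserObjectClass"])]
    groups = [e for e in entries if has_class(e, cfg["GroupObjectClass"])]
    problems = []
    if not users:
        problems.append("UserObjectClass matches no record")
    if not groups:
        problems.append("GroupObjectClass matches no record")
    if any(e in groups for e in users):
        problems.append("UserObjectClass is shared with group records")
    if any(cfg["UserObjectType"].lower() not in e for e in users):
        problems.append("a user record lacks the UserObjectType attribute")
    if any(cfg["GroupObjectType"].lower() not in e for e in groups):
        problems.append("a group record lacks the GroupObjectType attribute")
    if groups and not any(cfg["GroupAttributeName"].lower() in e for e in groups):
        problems.append("no group record carries GroupAttributeName")
    return problems

# Assumed field values that fit the constructed sample above.
GOOD = {"UserObjectType": "uid", "UserObjectClass": "person", "GroupObjectType": "cn",
        "GroupObjectClass": "groupofuniquenames", "GroupAttributeName": "uniquemember"}
```

Calling check_mapping(parse_ldif(SAMPLE_LDIF), GOOD) returns an empty list; replacing the User Object Class with a shared value such as top makes the group record match as a user and is reported.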