Filter
Top Products
11-25
Cisco Secure ACS 3.0 for Windows 2000/NT Servers User Guide
78-13751-01, Version 3.0
Chapter 11 Working with User Databases
Novell NDS Database
Some versions of Novell NDS provide standard LDAP implementations. If your
Novell NDS supports standard LDAP and you have implemented standard LDAP,
you should configure a Cisco Secure ACS generic LDAP external user database
to authenticate users defined in your Novell NDS. For more information about
generic LDAP external user databases, see the “Generic LDAP” section on
page 11-14.
To authenticate users with a Novell NDS database, Cisco Secure ACS depends
upon Novell Requestor. Novell Requestor must be installed on the same
Windows NT/2000 server as Cisco Secure ACS. You can download the
Requestor software from the Novell web site. For more information, refer to your
Novell and Microsoft documentation.
For users to authenticate against a Novell NDS database, Cisco Secure ACS must
be correctly configured to recognize the Novell NDS structure. Cisco Secure ACS
supports up to twenty trees. Each tree has several containers, and each container
can have several contexts. NDS trees can be thought of as similar to
Windows NT/2000 domains. For a user to authenticate against a Novell NDS
context, a user object must exist, and the password must be able to log the name
into the tree.
This section contains the following topics:
• User Contexts, page 11-25
• Novell NDS External User Database Options, page 11-27
• Configuring a Novell NDS External User Database, page 11-28
User Contexts
You must supply one or more contexts when you configure Cisco Secure ACS to
authenticate with an NDS database; however, users can supply an additional
portion of the full context that defines their fully-qualified usernames. In other
words, if none of the contexts in the list of contexts contains a username submitted
for authentication, the username must specify exactly how they are subordinate to
the contexts in the list of contexts. The user specifies the manner in which a
username is subordinate to a context by providing the additional context
information needed to uniquely identify the user in the NDS database.