beautypg.com

Generic ldap – Cisco 3.3 User Manual

Page 516

background image

Chapter 13 User Databases

Generic LDAP

13-32

User Guide for Cisco Secure ACS for Windows Server

78-16592-01

Step 7

Click Submit.

Cisco Secure ACS saves the Windows user database configuration you created.
You can now add it to your Unknown User Policy or assign specific user accounts
to use this database for authentication. For more information about the Unknown
User Policy, see

About Unknown User Authentication, page 15-4

. For more

information about configuring user accounts to authenticate using this database,
see

Chapter 7, “User Management”

.

Generic LDAP

Cisco Secure ACS supports ASCII, PAP, EAP-TLS, PEAP(EAP-GTC), and
EAP-FAST (phase two only) authentication via generic Lightweight Directory
Access Protocol (LDAP) databases, such as Netscape Directory Services. Other
authentication protocols are not supported with LDAP external user databases.

Note

Authentication protocols not supported with LDAP databases may be supported
by another type of external user database. For more information about
authentication protocols and the external database types that support them, see

Authentication Protocol-Database Compatibility, page 1-10

.

Cisco Secure ACS supports group mapping for unknown users by requesting
group membership information from LDAP user databases. For more information
about group mapping for users authenticated with an LDAP user database, see

Group Mapping by Group Set Membership, page 16-4

.

Configuring Cisco Secure ACS to authenticate against an LDAP database has no
effect on the configuration of the LDAP database. To manage your LDAP
database, see your LDAP database documentation.

This section contains the following topics:

Cisco Secure ACS Authentication Process with a Generic LDAP User
Database, page 13-33

Multiple LDAP Instances, page 13-33

LDAP Organizational Units and Groups, page 13-34

Domain Filtering, page 13-34