LDAP configuration options, LDAP configuration – Cisco 3.3 User Manual

User Guide for Cisco Secure ACS for Windows Server

78-16592-01

Chapter 13 User Databases

Generic LDAP

Unsuccessful Previous Authentication with the Primary LDAP Server

If, on the previous LDAP authentication attempt, Cisco Secure ACS could not
connect to the primary LDAP server, whether Cisco Secure ACS first attempts to
connect to the primary server or secondary LDAP server for the current
authentication attempt depends on the value in the Failback Retry Delay box. If
the Failback Retry Delay box is set to 0 (zero), Cisco Secure ACS always attempts
to connect to the primary LDAP server first. And if Cisco Secure ACS cannot
connect to the primary LDAP server, Cisco Secure ACS then attempts to connect
to the secondary LDAP server.

If the Failback Retry Delay box is set to a number other than zero, Cisco Secure
ACS determines how many minutes have passed since the last authentication
attempt using the primary LDAP server occurred. If more minutes have passed
than the value specified in the Failback Retry Delay box, Cisco Secure ACS
attempts to connect to the primary LDAP server first. And if Cisco Secure ACS
cannot connect to the primary LDAP server, Cisco Secure ACS then attempts to
connect to the secondary LDAP server.

If fewer minutes have passed than the value specified in the Failback Retry Delay
box, Cisco Secure ACS attempts to connect to the secondary LDAP server first.
And if Cisco Secure ACS cannot connect to the secondary LDAP server,
Cisco Secure ACS then attempts to connect to the primary LDAP server.

If Cisco Secure ACS cannot connect to either LDAP server, Cisco Secure ACS
stops attempting LDAP authentication for the user. If the user is an unknown user,
Cisco Secure ACS tries the next external user database listed in the Unknown
User Policy list. For more information about the Unknown User Policy list, see
About Unknown User Authentication, page 15-4.
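The server-selection rules above, modelled as an added example (not code from Cisco or from the manual). The class, method and constant names are hypothetical. Two behaviours are assumptions the excerpt does not state: an elapsed time exactly equal to the delay counts as "not yet elapsed", and the primary is tried first when the previous attempt reached it.

```python
from dataclasses import dataclass
from typing import List, Optional, Set

PRIMARY, SECONDARY = "primary", "secondary"  # hypothetical labels


@dataclass
class LdapFailoverModel:
    failback_retry_delay: int                      # minutes; the Failback Retry Delay box
    primary_failed_last: bool = False              # previous attempt could not reach the primary
    last_primary_attempt: Optional[float] = None   # minute of the last try against the primary

    def connect_order(self, now: float) -> List[str]:
        """Order in which the two servers are tried at minute `now`."""
        if (not self.primary_failed_last            # assumption: primary first after a success
                or self.failback_retry_delay == 0   # 0 means always primary first
                or self.last_primary_attempt is None):
            return [PRIMARY, SECONDARY]
        elapsed = now - self.last_primary_attempt
        if elapsed > self.failback_retry_delay:     # more minutes than the delay have passed
            return [PRIMARY, SECONDARY]
        return [SECONDARY, PRIMARY]                 # fewer minutes (equality: assumption)

    def authenticate(self, now: float, reachable: Set[str]) -> Optional[str]:
        """Try the servers in order; return the one that answered, or None."""
        for server in self.connect_order(now):
            if server == PRIMARY:
                # Every try against the primary restarts the failback timer.
                self.last_primary_attempt = now
                self.primary_failed_last = PRIMARY not in reachable
            if server in reachable:
                return server
        # Neither server reachable: LDAP authentication stops for this user and,
        # for an unknown user, the next database in the Unknown User Policy list is tried.
        return None


if __name__ == "__main__":
    # Constructed timeline: the primary is down at minutes 0 and 2, back at minute 6.
    acs = LdapFailoverModel(failback_retry_delay=5)
    for minute, up in [(0, {SECONDARY}), (2, {SECONDARY}), (6, {PRIMARY, SECONDARY})]:
        print(minute, acs.connect_order(minute), "->", acs.authenticate(minute, up))
```

With a nonzero delay, authentications inside the window go to the secondary without touching the primary, so the secondary's logs are where those binds appear during a primary outage.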

LDAP Configuration Options

The LDAP Database Configuration page contains many options, presented in
three tables:

Domain Filtering—This table contains options for domain filtering. The
settings in this table affect all LDAP authentication performed using this
configuration, regardless of whether the authentication is handled by the
primary or secondary LDAP server. For more information about domain
filtering, see Domain Filtering, page 13-34.