
Cisco 3.3 User Manual


13-45

User Guide for Cisco Secure ACS for Windows Server

78-16592-01

Chapter 13 User Databases

Generic LDAP

Step 8

If you want to limit authentications processed by this LDAP configuration to
usernames with a specific domain qualification, follow these steps:

Note: For information about domain filtering, see Domain Filtering, page 13-34.

a. Under Domain Filtering, select Only process usernames that are domain
qualified.

b. From the “Qualified by” list, select the applicable type of domain
qualification, either Suffix or Prefix. Only one type of domain qualification
is supported per LDAP configuration.

For example, if you want this LDAP configuration to authenticate usernames
that begin with a specific domain name, select Prefix. If you want this LDAP
configuration to authenticate usernames that end with a specific domain
name, select Suffix.

c. In the Domain Qualifier box, type the name of the domain that you want this
LDAP configuration to authenticate usernames for. Include the delimiting
character that separates the user ID from the domain name. Be sure that the
delimiting character appears in the applicable position: at the end of the
domain name if Prefix is selected on the “Qualified by” list; at the beginning
of the domain name if Suffix is selected on the “Qualified by” list.

Only one domain name is supported per LDAP configuration. You can type
up to 512 characters.

d. If you want Cisco Secure ACS to remove the domain qualifier from the
username before submitting it to the LDAP database, select the Strip domain
before submitting username to LDAP server check box.

e. If you want Cisco Secure ACS to pass the username to the LDAP database
without removing the domain qualifier, clear the Strip domain before
submitting username to LDAP server check box.
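
The matching and stripping behaviour that Step 8 configures, as an added Python model (not Cisco Secure ACS code and not part of the original guide). The class and method names, the sample domains, and the rules that matching is an exact case-sensitive string comparison and that a bare qualifier with no user ID is rejected are assumptions.

```python
# Illustrative model of the Domain Filtering settings in Step 8.
# Not Cisco Secure ACS code; names and matching rules here are assumptions.
from dataclasses import dataclass
from typing import Optional

MAX_QUALIFIER_LEN = 512  # the guide: "You can type up to 512 characters"


@dataclass(frozen=True)
class DomainFilter:
    qualified_by: str   # "Prefix" or "Suffix" (one type per LDAP configuration)
    qualifier: str      # domain name, including its delimiting character
    strip_domain: bool  # "Strip domain before submitting username to LDAP server"

    def __post_init__(self):
        if self.qualified_by not in ("Prefix", "Suffix"):
            raise ValueError("qualified_by must be 'Prefix' or 'Suffix'")
        if not 0 < len(self.qualifier) <= MAX_QUALIFIER_LEN:
            raise ValueError("qualifier must be 1..512 characters")

    def username_for_ldap(self, username: str) -> Optional[str]:
        """Return the name submitted to LDAP, or None if this
        configuration does not process the username."""
        if self.qualified_by == "Prefix":
            matched = username.startswith(self.qualifier)
            user_id = username[len(self.qualifier):]
        else:
            matched = username.endswith(self.qualifier)
            user_id = username[:-len(self.qualifier)]
        # Assumption: exact, case-sensitive match; a bare qualifier is rejected.
        if not matched or not user_id:
            return None
        return user_id if self.strip_domain else username


# Constructed sample values; the EXAMPLE / example.com domains are hypothetical.
prefix = DomainFilter("Prefix", "EXAMPLE\\", strip_domain=True)
suffix = DomainFilter("Suffix", "@example.com", strip_domain=False)
no_delim = DomainFilter("Suffix", "example.com", strip_domain=True)  # delimiter omitted

if __name__ == "__main__":
    for flt, name in [(prefix, "EXAMPLE\\alice"), (prefix, "alice@example.com"),
                      (suffix, "alice@example.com"), (no_delim, "alice@example.com"),
                      (no_delim, "bob@notexample.com")]:
        print(flt.qualified_by, repr(name), "->", repr(flt.username_for_ldap(name)))
```

Under these assumptions, the `no_delim` case shows why the delimiting character belongs in the Domain Qualifier box: without it, `bob@notexample.com` also passes the filter, and the stripped name for `alice@example.com` keeps a trailing `@`.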

Step 9

If you want to enable Cisco Secure ACS to strip domain qualifiers from
usernames before submitting them to an LDAP server, follow these steps: