Cisco 3.3 User Manual

User Guide for Cisco Secure ACS for Windows Server

78-16592-01

Chapter 13 User Databases

Generic LDAP

Step 13

In the User Object Class box, type the value of the LDAP “objectType” attribute
that identifies the record as a user. Often, user records have several values for the
objectType attribute, some of which are unique to the user, some of which are
shared with other object types. Select a value that is not shared.

Step 14

In the GroupObjectType box, type the name of the attribute in the group record
that contains the group name.

Step 15

In the GroupObjectClass box, type a value of the LDAP “objectType” attribute in
the group record that identifies the record as a group.

Step 16

In the GroupAttributeName box, type the name of the attribute of the group record
that contains the list of user records that are members of that group.

Step 17

In the Server Timeout box, type the number of seconds Cisco Secure ACS waits
for a response from an LDAP server before determining that the connection with
that server has failed.

Step 18

To enable failover of LDAP authentication attempts, select the On Timeout Use
Secondary check box. For more information about the LDAP failover feature, see
LDAP Failover, page 13-36.

Step 19

In the Failback Retry Delay box, type the number of minutes that must elapse after
the primary LDAP server fails to authenticate a user before Cisco Secure ACS resumes
sending authentication requests to the primary LDAP server first.

Note

To specify that Cisco Secure ACS should always use the primary LDAP
server first, type 0 (zero) in the Failback Retry Delay box.
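
The following added example (not part of the Cisco guide and not Cisco Secure ACS code) models how the Server Timeout, On Timeout Use Secondary, and Failback Retry Delay settings from Steps 17 through 19 interact during a primary-server outage. The names FailoverModel and outage_wait, the response times, and the rule that the secondary is tried first inside the delay window are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

@dataclass
class FailoverModel:
    """Simplified model of the Step 17-19 settings; not Cisco Secure ACS code."""
    server_timeout_s: float       # Server Timeout box (seconds)
    use_secondary: bool           # On Timeout Use Secondary check box
    failback_delay_min: float     # Failback Retry Delay box (minutes, 0 = primary always first)
    primary_failed_at: Optional[float] = None  # time of the last primary timeout

    def order(self, now: float) -> List[str]:
        """Servers to try, in order, for a request arriving at `now` (seconds)."""
        if not self.use_secondary:
            return ["primary"]
        # Assumption: inside the delay window the secondary is tried first.
        waiting = (self.primary_failed_at is not None
                   and self.failback_delay_min > 0
                   and now - self.primary_failed_at < self.failback_delay_min * 60)
        return ["secondary", "primary"] if waiting else ["primary", "secondary"]

    def authenticate(self, now: float,
                     response_s: Dict[str, Optional[float]]) -> Tuple[Optional[str], float]:
        """Return (server that answered or None, seconds the request spent waiting).
        `response_s` maps server name to its answer time; None means no answer."""
        spent = 0.0
        for server in self.order(now):
            rt = response_s.get(server)
            if rt is not None and rt <= self.server_timeout_s:
                return server, spent + rt
            spent += self.server_timeout_s   # waited out the full Server Timeout
            if server == "primary":
                self.primary_failed_at = now
        return None, spent

def outage_wait(failback_delay_min: float, arrivals: List[float],
                timeout_s: float = 5.0) -> float:
    """Total seconds requests spend waiting while the primary is unreachable."""
    model = FailoverModel(timeout_s, True, failback_delay_min)
    down = {"primary": None, "secondary": 0.1}   # constructed response times
    return round(sum(model.authenticate(t, down)[1] for t in arrivals), 1)

if __name__ == "__main__":
    arrivals = [0, 10, 20, 30]                   # constructed arrival times (seconds)
    print("delay 0 min:", outage_wait(0, arrivals))
    print("delay 5 min:", outage_wait(5, arrivals))
```

In this model, a Failback Retry Delay of 0 makes every authentication during the outage wait out the full Server Timeout before reaching the secondary, while a nonzero delay charges that wait only to the first request in each delay window.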