Cisco 3.3 User Manual
Page 531
13-47
User Guide for Cisco Secure ACS for Windows Server
78-16592-01
Chapter 13 User Databases
Generic LDAP
Step 13
In the User Object Class box, type the value of the LDAP “objectType” attribute
that identifies the record as a user. Often, user records have several values for the
objectType attribute, some of which are unique to the user, some of which are
shared with other object types. Select a value that is not shared.
Step 14
In the GroupObjectType box, type the name of the attribute in the group record
that contains the group name.
Step 15
In the GroupObjectClass box, type a value of the LDAP “objectType” attribute in
the group record that identifies the record as a group.
Step 16
In the GroupAttributeName box, type the name of the attribute of the group record
that contains the list of user records who are a member of that group.
Step 17
In the Server Timeout box, type the number of seconds Cisco Secure ACS waits
for a response from an LDAP server before determining that the connection with
that server has failed.
Step 18
To enable failover of LDAP authentication attempts, select the On Timeout Use
Secondary check box. For more information about the LDAP failover feature, see
Step 19
In the Failback Retry Delay box, type the number of minutes after the primary
LDAP server fails to authenticate a user that Cisco Secure ACS resumes sending
authentication requests to the primary LDAP server first.
Note
To specify that Cisco Secure ACS should always use the primary LDAP
server first, type 0 (zero) in the Failback Retry Delay box.