11-31
User Guide for Cisco Secure ACS for Windows Server
78-14696-01, Version 3.1
Chapter 11 Working with User Databases
Generic LDAP
Step 12 In the User Object Type box, type the name of the attribute in the user record that
contains the username. You can obtain this attribute name from your Directory
Server. For more information, refer to your LDAP database documentation.
Note The default values in the UserObjectType and following fields reflect the
default configuration of the Netscape Directory Server. Confirm all values
for these fields with your LDAP server configuration and documentation.
Step 13 In the User Object Class box, type the value of the LDAP “objectType” attribute
that identifies the record as a user. Often, user records have several values for the
objectType attribute, some of which are unique to the user, some of which are
shared with other object types. Select a value that is not shared.
Step 14 In the GroupObjectType box, type the name of the attribute in the group record
that contains the group name.
Step 15 In the GroupObjectClass box, type a value of the LDAP “objectType” attribute in
the group record that identifies the record as a group.
Step 16 In the GroupAttributeName box, type the name of the attribute of the group record
that contains the list of user records who are a member of that group.
Step 17 In the Server Timeout box, type the number of seconds Cisco Secure ACS waits
for a response from an LDAP server before determining that the connection with
that server has failed.
Step 18 To enable failover of LDAP authentication attempts, select the On Timeout Use
Secondary check box. For more information about the LDAP failover feature, see
LDAP Failover, page 11-20.
Step 19 In the Failback Retry Delay box, type the number of minutes after the primary
LDAP server fails to authenticate a user that Cisco Secure ACS resumes sending
authentication requests to the primary LDAP server first.
Note To specify that Cisco Secure ACS should always use the primary LDAP
server first, type 0 (zero) in the Failback Retry Delay box.
To Next Page
Loading...
Need help?
General