Cisco 3.3 User Manual

Page 522

Advertising
background image

Chapter 13 User Databases

Generic LDAP

13-38

User Guide for Cisco Secure ACS for Windows Server

78-16592-01

This table contains the following options:

Process all usernames—When this option is selected, Cisco Secure
ACS does not perform domain filtering on usernames before submitting
them to the LDAP server for authentication.

Only process usernames that are domain qualified—When this option
is selected, Cisco Secure ACS only attempts authentication for
usernames that are domain qualified for a single domain. You must
specify the type of domain qualifier and the domain in the “Qualified by”
and Domain options. Cisco Secure ACS only submits usernames that are
qualified in the method specified in the “Qualified by” option and that are
qualified with the username specified in the Domain Qualifier box. You
can also specify whether Cisco Secure ACS removes the domain qualifier
from usernames before submitting them to an LDAP server.

Qualified by—When “Only process usernames that are domain
qualified” is selected, this option specifies the type of domain
qualification. If you select Prefix, Cisco Secure ACS only processes
usernames that begin with the characters specified in the Domain
Qualifier box. If you select Suffix, Cisco Secure ACS only processes
usernames that end in the characters specified in the Domain Qualifier
box.

Note

Regardless of the domain qualifier type selected, the domain name
must match the domain specified in the Domain Qualifier box.

Domain Qualifier—When “Only process usernames that are domain
qualified” is selected, this option specifies the domain name and
delimiting character that must qualify usernames so Cisco Secure ACS
can submit the username to an LDAP server. The Domain box accepts up
to 512 characters; however, only one domain name and its delimiting
character are permitted.

For example, if the domain name is “mydomain”, the delimiting
character is “@”, and Suffix is selected on the “Qualified by” list, the
Domain box should contain “@mydomain”. If the domain name is
“yourdomain”, the delimiting character is “\”, and Prefix is selected on
the “Qualified by” list, the Domain Qualifier box should contain
“yourdomain\”

Advertising
Popular Brands
Popular manuals