Configuring a generic ldap external user database, Configuring – Cisco 3.3 User Manual

User Guide for Cisco Secure ACS for Windows Server

78-16592-01

Chapter 13 User Databases

Generic LDAP

Admin DN—The DN of the administrator; that is, the LDAP account
which, if bound to, permits searches for all required users under the User
Directory Subtree. It must contain the following information about your
LDAP server:

uid=user id,[ou=organizational unit,][ou=next organizational unit]o=organization

where user id is the username, organizational unit is the last level of the
tree, and next organizational unit is the next level up the tree.

For example:

uid=joesmith,ou=members,ou=administrators,o=cisco

You can use anonymous credentials for the administrator username if the
LDAP server is configured to make the group name attribute visible in
searches by anonymous credentials. Otherwise, you must specify an
administrator username that permits the group name attribute to be
visible to searches.

Note

If the administrator username specified does not have permission to
see the group name attribute in searches, group mapping fails for
users authenticated by LDAP.

Password—The password for the administrator account specified in the
Admin DN box. Password case sensitivity is determined by the LDAP
server.
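The following check is an added example, not part of the Cisco guide or of Cisco Secure ACS: it validates a candidate Admin DN against the uid/ou/o layout described above before the value is entered on the configuration page. The function names are hypothetical, strict enforcement of the guide's layout is an assumption, and so is treating an empty value as an anonymous bind.

```python
def split_rdns(dn):
    """Split a DN on unescaped commas, keeping RFC 4514 backslash escapes."""
    parts, cur, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])  # escape pair stays with its value
            i += 2
            continue
        if dn[i] == ",":
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(dn[i])
        i += 1
    parts.append("".join(cur))
    return [p.lstrip() for p in parts]


def check_admin_dn(dn):
    """Validate an Admin DN against uid=...,[ou=...,]o=... from the guide.

    Returns a dict describing the DN; raises ValueError if it does not fit.
    Assumption: an empty value stands for an anonymous bind.
    """
    if not dn.strip():
        return {"anonymous": True, "uid": None, "ous": [], "o": None}
    rdns = []
    for part in split_rdns(dn):
        attr, sep, value = part.partition("=")
        if not sep or not attr.strip() or not value:
            raise ValueError(f"malformed RDN: {part!r}")
        rdns.append((attr.strip().lower(), value))
    types = [a for a, _ in rdns]
    if types[0] != "uid":
        raise ValueError("first component must be uid=<user id>")
    if types[-1] != "o":
        raise ValueError("last component must be o=<organization>")
    if any(t != "ou" for t in types[1:-1]):
        raise ValueError("only ou= components may sit between uid and o")
    return {"anonymous": False, "uid": rdns[0][1],
            "ous": [v for _, v in rdns[1:-1]], "o": rdns[-1][1]}


if __name__ == "__main__":
    # Constructed inputs; the first is the example DN from the guide.
    for dn in ("uid=joesmith,ou=members,ou=administrators,o=cisco",
               "", "cn=admin,o=cisco"):
        try:
            print(repr(dn), "->", check_admin_dn(dn))
        except ValueError as err:
            print(repr(dn), "-> rejected:", err)
```

A DN that passes this check is only well formed; whether the account can see the group name attribute still has to be confirmed against the LDAP server itself.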

Configuring a Generic LDAP External User Database

Creating a generic LDAP configuration provides Cisco Secure ACS information
that enables it to pass authentication requests to an LDAP database. This
information reflects the way you have implemented your LDAP database and does
not dictate how your LDAP database is configured or functions. For information
about your LDAP database, refer to your LDAP documentation.

Before You Begin

For information about the options on the LDAP Database Configuration page, see LDAP Configuration Options, page 13-37.
