Generic ldap – Cisco 3.3 User Manual
Page 516
Chapter 13 User Databases
Generic LDAP
13-32
User Guide for Cisco Secure ACS for Windows Server
78-16592-01
Step 7
Click Submit.
Cisco Secure ACS saves the Windows user database configuration you created.
You can now add it to your Unknown User Policy or assign specific user accounts
to use this database for authentication. For more information about the Unknown
User Policy, see
About Unknown User Authentication, page 15-4
. For more
information about configuring user accounts to authenticate using this database,
see
.
Generic LDAP
Cisco Secure ACS supports ASCII, PAP, EAP-TLS, PEAP(EAP-GTC), and
EAP-FAST (phase two only) authentication via generic Lightweight Directory
Access Protocol (LDAP) databases, such as Netscape Directory Services. Other
authentication protocols are not supported with LDAP external user databases.
Note
Authentication protocols not supported with LDAP databases may be supported
by another type of external user database. For more information about
authentication protocols and the external database types that support them, see
Authentication Protocol-Database Compatibility, page 1-10
Cisco Secure ACS supports group mapping for unknown users by requesting
group membership information from LDAP user databases. For more information
about group mapping for users authenticated with an LDAP user database, see
Group Mapping by Group Set Membership, page 16-4
.
Configuring Cisco Secure ACS to authenticate against an LDAP database has no
effect on the configuration of the LDAP database. To manage your LDAP
database, see your LDAP database documentation.
This section contains the following topics:
•
Cisco Secure ACS Authentication Process with a Generic LDAP User
Database, page 13-33
•
Multiple LDAP Instances, page 13-33
•
LDAP Organizational Units and Groups, page 13-34
•