8-34
User Guide for Cisco Secure Access Control System 5.4
OL-26225-01
Chapter8 Managing Users and Identity Stores
Managing External Identity Stores

Viewing LDAP Attributes

Use this page to view the external LDAP attributes.
Step1 Select Users and Identity Stores > External Identity Stores > LDAP.
Step2 Check the check box next to the LDAP identity store whose attributes you want to view, click Edit, and
then click the Directory Attributes tab.
Step3 In the Name of example Subject to Select Attributes field, enter the name of an example object from
which to retrieve attributes, then click Select.
For example, the object can be an user and the name of the object could either be the username or the
user’s DN.
Step4 Complete the fields as described in Tabl e 8-9
Step5 Click Add and the information you entered is added to the fields on the screen.
The attributes listed here are available for policy conditions.
Step6 Click Submit to save your changes.
Leveraging Cisco NAC Profiler as an External MAB Database
ACS communicates with Cisco NAC Profiler to enable non-802.1X-capable devices to authenticate in
802.1X-enabled networks. Endpoints that are unable to a uthenticate through 802.1X use the MAC
Authentication Bypass (MAB) feature in switches to connect to an 802.1X-enabled network.
Typically, non-user-attached devices such as printers, fax machines, IP phones, and Uninterruptible
Power Supplies (UPSs) are not equipped with an 802.1x supplicant.
Table8-9 LDAP: Attributes Page
Option Description
Attribute Name Type an attribute name that you want included in the list of available attributes for policy
conditions.
Type Select the type you want associated with the attribute name you entered in the Attribute Name field.
Default Specify the default value you want associated with the attribute name you entered in the Attribute
Name field. If you do not specify a default value, no default is used.
When attributes are imported to the Attribute Name/Type/Default box via the Select button, these
default values are used:
String—Name of the attribute
Unsigned Integer 32
IP Address—This can be either an IPv4 or IPv6 address.
Policy Condition Name (Optional) Specify the name of the custom condition for this attribute. This condition will be
available for selection when customizing conditions in a policy.