Chapter 8 Managing Users and Identity Stores

Managing External Identity Stores

Step 5 Continue with Configuring an External LDAP Server Connection, page 8-27.

Note: NAC Guest Server can also be used as an external LDAP server. For the procedure to use NAC Guest Server as an external LDAP server, see: http://www.cisco.com/en/US/docs/security/nac/guestserver/configuration_guide/20/g_sponsor.html#wp1070105.

Related Topic

Deleting External LDAP Identity Stores, page 8-33

Configuring an External LDAP Server Connection

Use this page to configure an external LDAP identity store.

Step 1 Select Users and Identity Stores > External Identity Stores > LDAP, then click any of the following:

Create and follow the wizard.

Duplicate, then click Next. The Server Connection page appears.

Edit, then click Next. The Server Connection page appears.

Table 8-7 LDAP: Server Connection Page

Option / Description

Server Connection

Enable Secondary Server
    Check to enable the secondary LDAP server, to use as a backup in the event that the primary LDAP server fails. If you check this check box, you must enter configuration parameters for the secondary LDAP server.

Always Access Primary Server First
    Click to ensure that the primary LDAP server is accessed first, before the secondary LDAP server is accessed.

Failback to Primary Server After <min.> Minutes
    Click to set the number of minutes that ACS authenticates using the secondary LDAP server if the primary server cannot be reached, where <min.> is the number of minutes. After this time period, ACS reattempts authentication using the primary LDAP server. (Default = 5.)

Primary Server

Hostname
    Enter the IP address or DNS name of the machine that is running the primary LDAP software. The hostname can contain from 1 to 256 characters or a valid IP address expressed as a string. The only valid characters for hostnames are alphanumeric characters (a to z, A to Z, 0 to 9), the dot (.), and the hyphen (-).

Port
    Enter the TCP/IP port number on which the primary LDAP server is listening. Valid values are from 1 to 65,535. The default is 389, as stated in the LDAP specification. If you do not know the port number, you can find this information by referring to the administrator of the LDAP server.

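The server-connection rules in Table 8-7 (hostname and port validity, and the choice between the primary and secondary server with failback) expressed as an added Python example. This is not ACS code; the LdapFailover model, its minute-based clock and the assumption that the two "Click to" options are alternatives are illustrative assumptions.

```python
import ipaddress
import re

# Table 8-7 hostname rule: 1 to 256 characters drawn from a-z, A-Z, 0-9,
# the dot and the hyphen, or a valid IP address written as a string.
_HOSTNAME_RE = re.compile(r"[A-Za-z0-9.-]{1,256}")


def valid_hostname(value: str) -> bool:
    """True if value is an IP address string or a hostname allowed by Table 8-7."""
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return _HOSTNAME_RE.fullmatch(value) is not None


def valid_port(value: int) -> bool:
    """Table 8-7 accepts TCP ports 1 to 65535; 389 is the LDAP default."""
    return 1 <= value <= 65535


class LdapFailover:
    """Assumed model (not ACS code) of the primary/secondary selection in Table 8-7.
    always_primary_first models 'Always Access Primary Server First'; otherwise
    'Failback to Primary Server After <min.> Minutes' applies."""

    def __init__(self, enable_secondary: bool, always_primary_first: bool,
                 failback_minutes: int = 5):  # 5 is the documented default
        self.enable_secondary = enable_secondary
        self.always_primary_first = always_primary_first
        self.failback_minutes = failback_minutes
        self.secondary_since = None  # minute at which ACS switched to the secondary

    def primary_unreachable(self, now_minutes: int) -> None:
        """Record that the primary could not be reached; starts the failback period."""
        if self.enable_secondary and self.secondary_since is None:
            self.secondary_since = now_minutes

    def servers_to_try(self, now_minutes: int) -> list:
        """Order in which servers are attempted for an authentication at now_minutes."""
        if not self.enable_secondary:
            return ["primary"]
        if self.always_primary_first or self.secondary_since is None:
            return ["primary", "secondary"]
        if now_minutes - self.secondary_since >= self.failback_minutes:
            self.secondary_since = None  # period elapsed: reattempt the primary
            return ["primary", "secondary"]
        return ["secondary"]  # still inside the failback window
```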

User Guide for Cisco Secure Access Control System 5.3
OL-24201-01
8-27
