Chapter 8 Managing Users and Identity Stores

Managing External Identity Stores

Table 8-8 LDAP: Directory Organization Page (continued)

Option    Description

Username Prefix\Suffix Stripping

Strip start of subject name up to the last occurrence of the separator

Enter the appropriate text to remove domain prefixes from usernames.

If, in the username, ACS finds the delimiter character that is specified in the start_string box, it strips all characters from the beginning of the username through the delimiter character. If the username contains more than one of the characters that are specified in the start_string box, ACS strips characters through the last occurrence of the delimiter character. For example, if the delimiter character is the backslash (\) and the username is DOMAIN\echamberlain, ACS submits echamberlain to an LDAP server.

The start_string cannot contain the following special characters: the pound sign (#), the question mark (?), the quote ("), the asterisk (*), the right angle bracket (>), and the left angle bracket (<). ACS does not allow these characters in usernames. If the X box contains any of these characters, stripping fails.

Strip end of subject name from the first occurrence of the separator

Enter the appropriate text to remove domain suffixes from usernames.

If, in the username, ACS finds the delimiter character that is specified in the Y box, it strips all characters from the delimiter character through the end of the username. If the username contains more than one of the characters specified in the Y box, ACS strips characters starting with the first occurrence of the delimiter character. For example, if the delimiter character is the at symbol (@) and the username is jwiedman@domain, then ACS submits jwiedman to an LDAP server.

The end_string box cannot contain the following special characters: the pound sign (#), the question mark (?), the quote ("), the asterisk (*), the right angle bracket (>), and the left angle bracket (<). ACS does not allow these characters in usernames. If the end_string box contains any of these characters, stripping fails.

MAC Address Format

Search for MAC Address in Format <format>

MAC addresses in internal identity stores are stored in the format xx-xx-xx-xx-xx-xx. MAC addresses in LDAP databases can be stored in different formats. However, when ACS receives a host lookup request, ACS converts the MAC address from the internal format to the format that is specified in this field.

Use the drop-down list box to enable search for MAC addresses in a specific format, where <format> can be any one of the following:

xxxxxxxxxxxx

xx-xx-xx-xx-xx-xx

xx:xx:xx:xx:xx:xx

xxxx.xxxx.xxxx

The format you select must match the format of the MAC address stored in the LDAP server.

Step 2 Click Finish.

The external identity store you created is saved.
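The stripping and MAC conversion rules from Table 8-8, modelled as an added Python example (not Cisco's code). The function names are hypothetical, raising ValueError stands in for "stripping fails", and the sample MAC address is constructed.

```python
# Added illustration of the rules in Table 8-8; this is not Cisco ACS code.
FORBIDDEN = set('#?"*><')  # characters the page says the boxes cannot contain

def _check(delim):
    bad = FORBIDDEN & set(delim)
    if bad:
        # The page only says "stripping fails"; raising is this example's assumption.
        raise ValueError(f"delimiter contains forbidden character(s): {sorted(bad)}")

def strip_prefix(username, start_string):
    """Drop everything up to and including the LAST occurrence of start_string."""
    _check(start_string)
    if not start_string:
        return username
    idx = username.rfind(start_string)
    return username if idx < 0 else username[idx + len(start_string):]

def strip_suffix(username, end_string):
    """Drop everything from the FIRST occurrence of end_string onward."""
    _check(end_string)
    if not end_string:
        return username
    idx = username.find(end_string)
    return username if idx < 0 else username[:idx]

# Search formats listed on the page: (separator, hex digits per group).
MAC_FORMATS = {
    "xxxxxxxxxxxx": ("", 12),
    "xx-xx-xx-xx-xx-xx": ("-", 2),
    "xx:xx:xx:xx:xx:xx": (":", 2),
    "xxxx.xxxx.xxxx": (".", 4),
}

def convert_mac(internal_mac, fmt):
    """Convert the internal xx-xx-xx-xx-xx-xx form to the selected search format."""
    digits = internal_mac.replace("-", "")
    if len(digits) != 12 or any(c not in "0123456789abcdefABCDEF" for c in digits):
        raise ValueError("not a MAC address in internal format")
    sep, width = MAC_FORMATS[fmt]
    return sep.join(digits[i:i + width] for i in range(0, 12, width))

if __name__ == "__main__":
    print(strip_prefix("DOMAIN\\echamberlain", "\\"))   # example from the page
    print(strip_suffix("jwiedman@domain", "@"))         # example from the page
    print(strip_prefix("A\\B\\user", "\\"), strip_suffix("user@a@b", "@"))
    for fmt in MAC_FORMATS:                             # constructed sample MAC
        print(fmt, "->", convert_mac("00-1A-2B-3C-4D-5E", fmt))
```

With prefix stripping enabled, DOMAIN1\user and DOMAIN2\user both reach the LDAP server as user, so the directory's search base has to be what keeps those identities distinct.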

 

User Guide for Cisco Secure Access Control System 5.3


OL-24201-01
