Cisco Systems OL-24201-01 guide

Chapter 8 Managing Users and Identity Stores

Managing External Identity Stores

Table 8-8

LDAP: Directory Organization Page (continued)

Option

Description

Username Prefix\Suffix Stripping

	Strip start of subject name	Enter the appropriate text to remove domain prefixes from usernames.
	up to the last occurrence of	If, in the username, ACS finds the delimiter character that is specified in the start_string box,
	the separator
	the separator	it strips all characters from the beginning of the username through the delimiter character.

		If the username contains more than one of the characters that are specified in the start_string
		box, ACS strips characters through the last occurrence of the delimiter character. For example,
		if the delimiter character is the backslash (\) and the username is DOMAIN\echamberlain,
		ACS submits echamberlain to an LDAP server.
		The start_string cannot contain the following special characters: the pound sign (#), the
		question mark (?), the quote (“), the asterisk (*), the right angle bracket (>), and the left angle
		bracket (<). ACS does not allow these characters in usernames. If the X box contains any of
		these characters, stripping fails.

	Strip end of subject name	Enter the appropriate text to remove domain suffixes from usernames.
	from the first occurrence of	If, in the username, ACS finds the delimiter character that is specified in the Y box, it strips
	the separator
	the separator	all characters from the delimiter character through the end of the username.

		If the username contains more than one of the character specified in the Y box, ACS strips
		characters starting with the first occurrence of the delimiter character. For example, if the
		delimiter character is the at symbol (@) and the username is jwiedman@domain, then ACS
		submits jwiedman to an LDAP server.
		The end_string box cannot contain the following special characters: the pound sign (#), the
		question mark (?), the quote ("), the asterisk (*), the right angle bracket (>), and the left angle
		bracket (<). ACS does not allow these characters in usernames. If the end_string box contains
		any of these characters, stripping fails.

MAC Address Format

Search for MAC Address in Format <format>

MAC addresses in internal identity stores are stored in the format xx-xx-xx-xx-xx-xx. MAC addresses in LDAP databases can be stored in different formats. However, when ACS receives a host lookup request, ACS converts the MAC address from the internal format to the format that is specified in this field.

Use the drop-down list box to enable search for MAC addresses in a specific format, where <format> can be any one of the following:

•xxxxxxxxxxxx

•xx-xx-xx-xx-xx-xx

•xx:xx:xx:xx:xx:xx

•xxxx.xxxx.xxxx

The format you select must match the format of the MAC address stored in the LDAP server.

Step 2 Click Finish.

The external identity store you created is saved.

	User Guide for Cisco Secure Access Control System 5.3
8-32	OL-24201-01

Cisco Systems OL-24201-01 manual External identity store you created is saved

Models: OL-24201-01

Option

The external identity store you created is saved.

OL-24201-01