Chapter 8 Managing Users and Identity Stores

Managing External Identity Stores

Viewing LDAP Attributes

Use this page to view the external LDAP attributes.

Step 1 Select Users and Identity Stores > External Identity Stores > LDAP.

Step 2 Check the check box next to the LDAP identity store whose attributes you want to view, click Edit, and then click the Directory Attributes tab.

Step 3 In the Name of example Subject to Select Attributes field, enter the name of an example object from which to retrieve attributes, then click Select.

For example, the object can be a user, and the name of the object can be either the username or the user's DN.

Step 4 Complete the fields as described in Table 8-9.

Table 8-9 LDAP: Attributes Page

Option: Description

Attribute Name: Type an attribute name that you want included in the list of available attributes for policy conditions.

Type: Select the type you want associated with the attribute name you entered in the Attribute Name field.

Default: Specify the default value you want associated with the attribute name you entered in the Attribute Name field. If you do not specify a default value, no default is used. When attributes are imported to the Attribute Name/Type/Default box via the Select button, these default values are used:

    String—Name of the attribute

    Unsigned Integer 32

    IPv4 Address

Policy Condition Name: (Optional) Specify the name of the custom condition for this attribute. This condition will be available for selection when customizing conditions in a policy.

Step 5 Click Add and the information you entered is added to the fields on the screen.

The attributes listed here are available for policy conditions.

Step 6 Click Submit to save your changes.
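
The following is an added example, not part of the Cisco guide and not ACS code. It parses an LDIF export of an example subject and suggests which of the three types listed in Table 8-9 fits each attribute, as a pre-check before entering values on the Directory Attributes tab. The LDIF entry, its attribute names, and the function names are constructed for illustration; how ACS itself assigns types is not described on this page.

```python
import base64
import ipaddress

# Constructed LDIF for a hypothetical example subject (not from the guide).
SAMPLE_LDIF = """\
dn: cn=jsmith,ou=Users,dc=example,dc=com
department: Network Operations and
  Engineering
employeeNumber: 40312
badgeCounter: 4294967296
framedIPAddress: 10.20.30.40
description:: Vk9JUCBzdXBwb3J0
"""

def parse_ldif_entry(text):
    """Return {attribute: [values]}; handles folded lines and base64 values."""
    logical = []
    for line in text.splitlines():
        if line.startswith(" ") and logical:
            logical[-1] += line[1:]          # RFC 2849 continuation line
        elif line and not line.startswith("#"):
            logical.append(line)
    entry = {}
    for line in logical:
        name, _, rest = line.partition(":")
        value = rest.strip()
        if rest.startswith(":"):             # "attr:: value" is base64
            value = base64.b64decode(rest[1:].strip()).decode("utf-8", "replace")
        entry.setdefault(name, []).append(value)
    return entry

def is_ipv4(value):
    try:
        ipaddress.IPv4Address(value)
        return True
    except ValueError:
        return False

def suggest_type(values):  # narrowest of the three listed types fitting every value
    if all(v.isascii() and v.isdigit() and int(v) <= 0xFFFFFFFF for v in values):
        return "Unsigned Integer 32"
    if all(is_ipv4(v) for v in values):
        return "IPv4 Address"
    return "String"                          # fallback, e.g. numbers over 32 bits

def suggest_types(ldif_text):
    return {n: suggest_type(v) for n, v in parse_ldif_entry(ldif_text).items() if n != "dn"}

if __name__ == "__main__":
    print(suggest_types(SAMPLE_LDIF))
```

An attribute whose value looks numeric but exceeds 32 bits (badgeCounter in the sample) is reported as String, which is the case most likely to cause a mismatched policy condition if the type is picked by eye.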

Leveraging Cisco NAC Profiler as an External MAB Database

ACS communicates with Cisco NAC Profiler to enable non-802.1X-capable devices to authenticate in 802.1X-enabled networks. Endpoints that are unable to authenticate through 802.1X use the MAC Authentication Bypass (MAB) feature in switches to connect to an 802.1X-enabled network.

Typically, non-user-attached devices such as printers, fax machines, IP phones, and Uninterruptible Power Supplies (UPSs) are not equipped with an 802.1X supplicant.

 

User Guide for Cisco Secure Access Control System 5.3

OL-24201-01