Cisco Secure ACS 3.0 for Windows 2000/NT Servers User Guide
78-13751-01, Version 3.0
Chapter 11 Working with User Databases: Generic LDAP
Step 9 To enable Cisco Secure ACS to direct LDAP authentications by filtering on the
end of a username, follow these steps:
a. From the Filter Domains list, select Suffix.
b. In the Domain Markup box, type the string of characters that a username must
end with in order for Cisco Secure ACS to use this LDAP configuration for
authentication.
For example, if users to be authenticated by this LDAP configuration submit
a username that ends with @mydomain.com, such as
stanley@mydomain.com or mwiliams@mydomain.com, type @mydomain.com
in the Domain Markup box.
c. To remove from the end of the username the characters defined in the Domain
Markup box before submitting it to the LDAP database, select the Strip
Markup check box.
d. To pass the username to the LDAP database without removing the characters
defined in Domain Markup, clear the Strip Markup check box.
Step 10 In the User Directory Subtree box, type the following:
o=subtree
where subtree is the tree in which all of your users are located. This is configured
when you set up your LDAP database. For more information, refer to your LDAP
database documentation.
Note: Your users could be located under an organizational unit rather than
an organization. If this is the case, type ou=subtree in the User
Directory Subtree box.
Step 11 In the Group Directory Subtree box, type the following:
o=subtree
where subtree is the tree in which all of your groups are located. This can be the
same location as the user subtree, entered in the User Directory Subtree box. This
is configured when you set up your LDAP database. For more information, refer
to your LDAP database documentation.
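
The following Python model is an added example, not part of the Cisco guide and not Cisco Secure ACS code. It models the Step 9 Suffix filter and the Strip Markup check box so you can check which usernames a configuration would claim and what name would reach the LDAP database. The configuration labels, the second domain, case-sensitive matching, first-match ordering and the handling of a name that is only the markup are assumptions.

```python
# Added illustration: a model of the Step 9 suffix filter, not Cisco Secure ACS code.
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class SuffixFilter:
    name: str            # hypothetical label for one LDAP configuration
    domain_markup: str   # value typed in the Domain Markup box
    strip_markup: bool   # state of the Strip Markup check box

    def submitted_username(self, username: str) -> Optional[str]:
        """Return the name passed to the LDAP database, or None if this
        configuration does not apply to the username."""
        # Assumption: exact, case-sensitive comparison against the END of the name.
        if not self.domain_markup or not username.endswith(self.domain_markup):
            return None
        if not self.strip_markup:
            return username
        stripped = username[: -len(self.domain_markup)]
        # Assumption: a name that is only the markup leaves nothing to look up.
        return stripped or None


def audit(filters, usernames):
    """Map each username to (configuration name, submitted name) or None."""
    result = {}
    for user in usernames:
        result[user] = None
        for f in filters:
            submitted = f.submitted_username(user)
            if submitted is not None:
                result[user] = (f.name, submitted)
                break  # assumption: first matching configuration wins
    return result


# Constructed sample data using the domain from the guide's example.
FILTERS = [
    SuffixFilter("ldap-strip", "@mydomain.com", strip_markup=True),
    SuffixFilter("ldap-keep", "@partner.example", strip_markup=False),
]
USERS = ["stanley@mydomain.com", "stanley@mydomain.com.other.example",
         "alice@partner.example", "@mydomain.com", "stanley"]

if __name__ == "__main__":
    for user, outcome in audit(FILTERS, USERS).items():
        print(f"{user!r:40} -> {outcome}")
```

With Strip Markup selected, the LDAP directory must hold the bare name (stanley); with it cleared, the directory must hold the full name including the markup.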