User Guide for Cisco Secure Access Control System 5.3
OL-24201-01
Chapter 8 Managing Users and Identity Stores
Managing External Identity Stores
• Unsigned Integer 32
• IPv4 Address
For unsigned integers and IPv4 attributes, ACS converts the strings that it has retrieved to the
corresponding data types. If conversion fails or if no values are retrieved for the attributes, ACS logs a
debug message, but does not fail the authentication or the lookup process.
You can optionally configure default values for the attributes that ACS can use when the conversion fails
or when ACS does not retrieve any values for the attributes.
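The fallback behavior described above means a malformed directory value is replaced without any visible failure, so it is worth checking directory data before relying on these attributes in policy. The following is an added illustration, not Cisco code: the parsing rules (ASCII decimal digits, dotted-quad IPv4, first value of a multi-valued attribute), the attribute names `sessionTimeout` and `framedIp`, and the sample entries are all assumptions constructed for the example.

```python
import ipaddress
import logging

log = logging.getLogger("ldap_attr_check")

def to_uint32(text):
    # Assumed rule: ASCII decimal digits only, value within 0..2**32-1.
    if not (text.isascii() and text.isdigit()) or int(text) > 2**32 - 1:
        raise ValueError("not an unsigned 32-bit decimal integer")
    return int(text)

CONVERTERS = {"uint32": to_uint32, "ipv4": ipaddress.IPv4Address}

def resolve(name, attr_type, raw_values, default=None):
    """Return (value, source); source is 'ldap', 'default' or 'none'."""
    convert = CONVERTERS[attr_type]
    if not raw_values:
        log.debug("%s: no value retrieved", name)
    else:
        try:
            return convert(raw_values[0]), "ldap"
        except ValueError as exc:  # includes ipaddress.AddressValueError
            log.debug("%s: cannot convert %r (%s)", name, raw_values[0], exc)
    # Missing or bad directory data never raises; an invalid default does,
    # since that is a configuration mistake worth catching early.
    if default is not None:
        return convert(default), "default"
    return None, "none"

def audit(entries, schema):
    """List (user, attribute, source) for every value not taken from LDAP."""
    findings = []
    for user, attrs in entries.items():
        for name, (attr_type, default) in schema.items():
            _, source = resolve(name, attr_type, attrs.get(name, []), default)
            if source != "ldap":
                findings.append((user, name, source))
    return findings

# Constructed sample data; attribute names and values are illustrative.
SCHEMA = {"sessionTimeout": ("uint32", "3600"), "framedIp": ("ipv4", None)}
ENTRIES = {
    "alice": {"sessionTimeout": ["900"], "framedIp": ["10.0.0.5"]},
    "bob": {"sessionTimeout": ["4294967296"], "framedIp": ["10.0.0.256"]},
    "carol": {"framedIp": ["10.0.0.7"]},
}
```

Calling `audit(ENTRIES, SCHEMA)` lists the users whose attributes would silently take a default or remain empty, which is the set to review before those attributes drive authorization decisions.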
Certificate Retrieval
If you have configured certificate retrieval as part of user lookup, then ACS must retrieve the value of
the certificate attribute from LDAP. To do this, you must have configured the certificate attribute in the List
of attributes to fetch while configuring an LDAP identity store.
Creating External LDAP Identity Stores
Note: Configuring an LDAP identity store for ACS has no effect on the configuration of the LDAP database.
ACS recognizes the LDAP database, enabling the database to be authenticated against. To manage your
LDAP database, see your LDAP database documentation.
When you create an LDAP identity store, ACS also creates:
• A new dictionary for that store with two attributes, ExternalGroups and IdentityDn.
• A custom condition for group mapping from the ExternalGroups attribute; the condition name has
the format LDAP:ID_store_name ExternalGroups.
You can edit the predefined condition name, and you can create a custom condition from the IdentityDn
attribute in the Custom condition page. See Creating, Duplicating, and Editing a Custom Session
Condition, page 9-5.
To create, duplicate, or edit an external LDAP identity store:
Step 1 Select Users and Identity Stores > External Identity Stores > LDAP.
The LDAP Identity Stores page appears.
Step 2 Click Create. You can also:
• Check the check box next to the identity store you want to duplicate, then click Duplicate.
• Click the identity store name that you want to modify, or check the box next to the name and click
Edit.
If you are creating an identity store, the first page of a wizard appears: General.
If you are duplicating an identity store, the General tab of the "External Identity Stores > Duplicate: idstore"
page appears, where idstore is the name of the external identity store that you chose.
If you are editing an identity store, the General tab of the "External Identity Stores > Edit: idstore" page
appears, where idstore is the name of the external identity store that you chose.
Step 3 Complete the Name and Description fields as required.
Step 4 Click Next.