8-28
User Guide for Cisco Secure Access Control System 5.3
OL-24201-01
Chapter 8 Managing Users and Identity Stores
Managing External Identity Stores
Table 8-7 LDAP: Server Connection Page (continued)

Option          Description

Anonymous Access
    Click to ensure that searches on the LDAP directory occur anonymously. The server does not distinguish who the client is and will allow the client read access to any data that is configured to be accessible to any unauthenticated client.
    In the absence of a specific policy permitting authentication information to be sent to a server, a client should use an anonymous connection.

Authenticated Access
    Click to ensure that searches on the LDAP directory occur with administrative credentials. If so, enter information in the Admin DN and Password fields.

Admin DN
    Enter the distinguished name of the administrator; that is, the LDAP account which, if bound to, permits searching all required users under the User Directory Subtree and permits searching groups.
    If the specified administrator does not have permission to see the group name attribute in searches, group mapping fails for users that LDAP authenticates.

Password
    Enter the LDAP administrator account password.

Use Secure Authentication
    Click to use Secure Sockets Layer (SSL) to encrypt communication between ACS and the primary LDAP server. Verify that the Port field contains the port number used for SSL on the LDAP server. If you enable this option, you must select a root CA.

Root CA
    Select a trusted root certificate authority from the drop-down list box to enable secure authentication with a certificate.

Server Timeout <sec.> Seconds
    Enter the number of seconds that ACS waits for a response from the primary LDAP server before determining that the connection or authentication with that server has failed, where <sec.> is the number of seconds. Valid values are 1 to 300. (Default = 10.)

Max Admin Connections
    Enter the maximum number of concurrent connections (greater than 0) with LDAP administrator account permissions that can run for a specific LDAP configuration. These connections are used to search the directory for users and groups under the User Directory Subtree and Group Directory Subtree. Valid values are 1 to 99. (Default = 8.)

Test Bind To Server
    Click to test and ensure that the primary LDAP server details and credentials can successfully bind. If the test fails, edit your LDAP server details and retest.

Secondary Server

Hostname
    Enter the IP address or DNS name of the machine that is running the secondary LDAP software. The hostname can contain from 1 to 256 characters or a valid IP address expressed as a string. The only valid characters for hostnames are alphanumeric characters (a to z, A to Z, 0 to 9), the dot (.), and the hyphen (-).

Port
    Enter the TCP/IP port number on which the secondary LDAP server is listening. Valid values are from 1 to 65,535. The default is 389, as stated in the LDAP specification. If you do not know the port number, you can find this information by viewing DS Properties on the LDAP machine.

Anonymous Access
    Click to verify that searches on the LDAP directory occur anonymously. The server does not distinguish who the client is and will allow the client to access (read and update) any data that is configured to be accessible to any unauthenticated client.
    In the absence of a specific policy permitting authentication information to be sent to a server, a client should use an anonymous connection.

Authenticated Access
    Click to ensure that searches on the LDAP directory occur with administrative credentials. If so, enter information in the Admin DN and Password fields.
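As an added example (not code from the Cisco guide), the following Python validator applies the field rules Table 8-7 states to one primary or secondary server block, including the dependencies between fields (Authenticated Access needs an Admin DN and Password; Use Secure Authentication needs a Root CA and an SSL port). The class and function names are assumptions of this example.

```python
import ipaddress
import re
from dataclasses import dataclass

# Hostname rule from Table 8-7: 1 to 256 characters drawn from letters, digits,
# the dot and the hyphen, or a valid IP address expressed as a string.
_HOSTNAME_RE = re.compile(r"^[A-Za-z0-9.-]{1,256}$")


@dataclass
class LdapServerSettings:
    """One primary or secondary server block from the LDAP Server Connection page."""
    hostname: str
    port: int = 389                  # page default for plain LDAP
    anonymous_access: bool = True    # False means Authenticated Access is selected
    admin_dn: str = ""
    password: str = ""
    use_secure_authentication: bool = False
    root_ca: str = ""                # must be selected when SSL is enabled
    server_timeout_sec: int = 10     # valid 1 to 300
    max_admin_connections: int = 8   # valid 1 to 99


def _is_valid_host(hostname: str) -> bool:
    """Accept a valid IPv4/IPv6 literal or a hostname matching the page's character rule."""
    try:
        ipaddress.ip_address(hostname)
        return True
    except ValueError:
        return bool(_HOSTNAME_RE.match(hostname))


def validate_ldap_server_settings(s: LdapServerSettings) -> list:
    """Return a list of problems; an empty list means the block satisfies the table's rules."""
    problems = []
    if not _is_valid_host(s.hostname):
        problems.append("hostname must be 1-256 chars of [A-Za-z0-9.-] or a valid IP address")
    if not 1 <= s.port <= 65535:
        problems.append("port must be 1 to 65,535")
    if not s.anonymous_access and not (s.admin_dn and s.password):
        problems.append("Authenticated Access requires Admin DN and Password")
    if s.use_secure_authentication:
        if not s.root_ca:
            problems.append("Use Secure Authentication requires a Root CA")
        if s.port == 389:
            # 389 is the plain-LDAP default; the page says to verify the SSL port here
            problems.append("port 389 is the plain LDAP default; enter the server's SSL port")
    if not 1 <= s.server_timeout_sec <= 300:
        problems.append("server timeout must be 1 to 300 seconds")
    if not 1 <= s.max_admin_connections <= 99:
        problems.append("max admin connections must be 1 to 99")
    return problems
```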