Cisco Systems OL-24201-01 Camera Accessories User Manual


 
User Guide for Cisco Secure Access Control System 5.3
OL-24201-01
Chapter 8 Managing Users and Identity Stores
Managing External Identity Stores
Table 8-7 LDAP: Server Connection Page (continued)

| Option | Description |
|---|---|
| Admin DN | Enter the domain name of the administrator; that is, the LDAP account which, if bound to, permits searching for all required users under the User Directory Subtree and permits searching groups. If the administrator specified does not have permission to see the group name attribute in searches, group mapping fails for users that LDAP authenticates. |
| Password | Type the LDAP administrator account password. |
| Use Secure Authentication | Click to use Secure Sockets Layer (SSL) to encrypt communication between ACS and the secondary LDAP server. Verify the Port field contains the port number used for SSL on the LDAP server. If you enable this option, you must select a root CA. |
| Root CA | Select a trusted root certificate authority from the drop-down list box to enable secure authentication with a certificate. |
| Server Timeout <sec.> Seconds | Type the number of seconds that ACS waits for a response from the secondary LDAP server before determining that the connection or authentication with that server has failed, where <sec.> is the number of seconds. Valid values are 1 to 300. (Default = 10.) |
| Max Admin Connections | Type the maximum number of concurrent connections (greater than 0) with LDAP administrator account permissions, that can run for a specific LDAP configuration. These connections are used to search the directory for users and groups under the User Directory Subtree and Group Directory Subtree. Valid values are 1 to 99. (Default = 8.) |
| Test Bind To Server | Click to test and ensure that the secondary LDAP server details and credentials can successfully bind. If the test fails, edit your LDAP server details and retest. |

Step 2 Click Next.
Step 3 Continue with Configuring External LDAP Directory Organization, page 8-29.

Configuring External LDAP Directory Organization

Use this page to configure an external LDAP identity store.

Step 1 Select Users and Identity Stores > External Identity Stores > LDAP, then click any of the following:
- Create and follow the wizard until you reach the Directory Organization page.
- Duplicate, then click Next until the Directory Organization page appears.
- Edit, then click Next until the Directory Organization page appears.
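The Use Secure Authentication, Root CA, Server Timeout and Test Bind To Server options in Table 8-7 can be checked from an administrator workstation before the values are entered in ACS. The following is an added example, not Cisco code and not part of the guide: it performs an LDAPv3 simple bind over SSL/TLS while trusting only the chosen root CA file. The function names, the `check_bind` parameters and the two sample response messages are assumptions constructed for illustration.

```python
import socket
import ssl

# Constructed sample BindResponse messages (not captured traffic).
SAMPLE_OK = bytes.fromhex("300c02010161070a010004000400")         # resultCode 0
SAMPLE_BAD_CREDS = bytes.fromhex("300c02010161070a013104000400")  # resultCode 49

def ber_len(n):
    """BER definite length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    raw = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(raw)]) + raw

def tlv(tag, value):
    return bytes([tag]) + ber_len(len(value)) + value

def bind_request(admin_dn, password, msg_id=1):
    """LDAPv3 simple BindRequest (RFC 4511); msg_id must be 1..127 here."""
    body = tlv(0x02, b"\x03") + tlv(0x04, admin_dn.encode()) + tlv(0x80, password.encode())
    return tlv(0x30, tlv(0x02, bytes([msg_id])) + tlv(0x60, body))

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the element starting at pos."""
    tag, first, pos = buf[pos], buf[pos + 1], pos + 2
    length = first
    if first & 0x80:  # long form: low 7 bits give the number of length bytes
        n = first & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, buf[pos:pos + length], pos + length

def bind_result_code(response):
    """resultCode of a BindResponse: 0 = success, 49 = invalidCredentials."""
    tag, msg, _ = read_tlv(response)
    _, _, pos = read_tlv(msg)            # skip messageID
    op_tag, op, _ = read_tlv(msg, pos)
    if tag != 0x30 or op_tag != 0x61:
        raise ValueError("not an LDAP BindResponse")
    return int.from_bytes(read_tlv(op)[1], "big")

def check_bind(host, port, root_ca_pem, admin_dn, password, timeout=10):
    """Bind over SSL/TLS, trusting only root_ca_pem; returns the LDAP resultCode."""
    if not 1 <= timeout <= 300:          # same range the table gives for Server Timeout
        raise ValueError("timeout must be 1 to 300 seconds")
    ctx = ssl.create_default_context(cafile=root_ca_pem)  # chain and hostname are verified
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            tls.sendall(bind_request(admin_dn, password))
            return bind_result_code(tls.recv(4096))
```

A certificate that does not chain to the selected root CA raises `ssl.SSLCertVerificationError` before the Admin DN password is sent, and an unresponsive server raises a timeout error once the configured number of seconds has elapsed.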