User Guide for Cisco Secure ACS for Windows Server
78-14696-01, Version 3.1
Chapter 11 Working with User Databases
Generic LDAP
Note: Regardless of the domain qualifier type selected, the domain
name must match the domain specified in the Domain Qualifier
box.
– Domain Qualifier—When “Only process usernames that are domain
qualified” is selected, this option specifies the domain name and
delimiting character that must qualify usernames so Cisco Secure ACS
can submit the username to an LDAP server. The Domain box accepts up
to 512 characters; however, only one domain name and its delimiting
character are permitted.
For example, if the domain name is “mydomain”, the delimiting
character is “@”, and Suffix is selected on the “Qualified by” list, the
Domain box should contain “@mydomain”. If the domain name is
“yourdomain”, the delimiting character is “\”, and Prefix is selected on the
“Qualified by” list, the Domain Qualifier box should contain
“yourdomain\”.
– Strip domain before submitting username to LDAP server—When
“Only process usernames that are domain qualified” is selected, this
option specifies whether Cisco Secure ACS removes the domain
qualifier and its delimiting character before submitting a username to an
LDAP server. For example, if the username is
“[email protected]”, the stripped username is “jwiedman”.
– Process all usernames after stripping domain name and
delimiter—When this option is selected, Cisco Secure ACS submits all
usernames to an LDAP server after attempting to strip domain names.
Usernames that are not domain qualified are processed, too. Domain
name stripping occurs as specified by the following two options.
– Strip starting characters through the last X character—When
“Process all usernames after stripping domain name and delimiter” is
selected, this option specifies that Cisco Secure ACS attempts to strip a
prefixed domain qualifier. If, in the username, Cisco Secure ACS finds
the delimiter character that is specified in the X box, it strips all
characters from the beginning of the username through the delimiter
character. If the username contains more than one of the character
specified in the X box, Cisco Secure ACS strips characters through the
last occurrence of the delimiter character.
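
The qualifier matching and prefix stripping rules described above, modeled as an added Python example for checking which name reaches the LDAP server under a given setting. It is not Cisco code; the function names, exact-case matching, and the rejection of a username that consists only of the qualifier are assumptions.

```python
from typing import Optional


def qualified_only(username: str, qualifier: str, qualified_by: str,
                   strip: bool) -> Optional[str]:
    """Model of "Only process usernames that are domain qualified".

    qualifier is the Domain Qualifier box content, for example "@mydomain"
    (Suffix) or "yourdomain\\" (Prefix). Returns the name submitted to LDAP,
    or None when the username is not qualified and so is not submitted.
    """
    if not qualifier:
        raise ValueError("Domain Qualifier must not be empty")
    if qualified_by == "suffix":
        matched = username.endswith(qualifier)   # assumption: case-sensitive
        bare = username[:-len(qualifier)] if matched else username
    elif qualified_by == "prefix":
        matched = username.startswith(qualifier)
        bare = username[len(qualifier):] if matched else username
    else:
        raise ValueError("qualified_by must be 'prefix' or 'suffix'")
    if not matched or not bare:                  # assumption: bare name required
        return None
    return bare if strip else username


def strip_prefix_through_last(username: str, delimiter: str) -> str:
    """Model of "Strip starting characters through the last X character"."""
    if len(delimiter) != 1:
        raise ValueError("the X box holds a single delimiter character")
    _, found, rest = username.rpartition(delimiter)
    # No delimiter present: the username is processed unchanged.
    return rest if found else username


if __name__ == "__main__":
    # Constructed sample usernames, not taken from a real deployment.
    for name in ("jwiedman@mydomain", "jwiedman", "jwiedman@other"):
        print(name, "->", qualified_only(name, "@mydomain", "suffix", True))
    # Every prefix collapses to the same LDAP name, whatever domain was typed.
    for name in ("yourdomain\\jwiedman", "a\\b\\jwiedman", "jwiedman"):
        print(name, "->", strip_prefix_through_last(name, "\\"))
```

Because the second function strips through the last delimiter, differently prefixed names resolve to one LDAP username, which is worth keeping in mind when reading authentication logs.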