Chapter 11 Working with User Databases
Generic LDAP
11-24
User Guide for Cisco Secure ACS for Windows Server
78-14696-01, Version 3.1
For example, if the delimiter character is “\” and the username is “DOMAIN\echamberlain”, Cisco Secure ACS submits “echamberlain” to an LDAP server.
Note
The X box cannot contain the following special characters: # ? " * > <
Cisco Secure ACS does not allow these characters in usernames; therefore, if any of these characters are in the X box, stripping fails.
– Strip ending characters through the first Y character—When “Process all usernames after stripping domain name and delimiter” is selected, this option specifies that Cisco Secure ACS attempts to strip a suffixed domain qualifier. If, in the username, Cisco Secure ACS finds the delimiter character that is specified in the Y box, it strips all characters from the delimiter character through the end of the username. If the username contains more than one of the character specified in the Y box, Cisco Secure ACS strips characters starting with the first occurrence of the delimiter character.
For example, if the delimiter character is “@” and the username is “jwiedman@domain”, then Cisco Secure ACS submits “jwiedman” to an LDAP server.
Note
The X box cannot contain the following special characters: # ? " * > <
Cisco Secure ACS does not allow these characters in usernames; therefore, if any of these characters are in the X box, stripping fails.
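The two stripping options described above, written as a small Python function. This is an added example, not Cisco Secure ACS code: the parameter names, the use of exceptions to model "stripping fails", stripping the prefix through the last X character, and the empty-result check are assumptions of the example.

```python
# Added illustration of the domain-stripping rules; not Cisco Secure ACS code.
FORBIDDEN = set('#?"*><')  # characters the guide says a delimiter box cannot contain


def strip_domain(username, x_delim=None, y_delim=None):
    """Return the username that would be submitted to the LDAP server.

    x_delim: delimiter from the X box (prefixed domain), or None if unused.
    y_delim: delimiter from the Y box (suffixed domain), or None if unused.
    """
    for box, delim in (("X", x_delim), ("Y", y_delim)):
        if delim is None:
            continue
        if len(delim) != 1:
            raise ValueError(f"{box} box must hold a single delimiter character")
        if delim in FORBIDDEN:
            # The guide only says that stripping fails; raising is this sketch's choice.
            raise ValueError(f"{box} box holds forbidden character {delim!r}")

    result = username
    if x_delim is not None and x_delim in result:
        # Assumption: strip through the LAST occurrence of the X character.
        result = result[result.rindex(x_delim) + 1:]
    if y_delim is not None and y_delim in result:
        # Per the guide: strip from the FIRST occurrence of the Y character.
        result = result[:result.index(y_delim)]
    if not result:
        # Added safeguard (assumption): never submit an empty name to the directory.
        raise ValueError("nothing left of the username after stripping")
    return result


if __name__ == "__main__":
    # Constructed sample usernames, including the two examples from the guide.
    samples = [
        ("DOMAIN\\echamberlain", "\\", None),
        ("jwiedman@domain", None, "@"),
        ("jwiedman@domain@other", None, "@"),
        ("plainuser", "\\", "@"),
    ]
    for name, x, y in samples:
        print(f"{name!r} -> {strip_domain(name, x, y)!r}")
```

A username that contains neither delimiter passes through unchanged, so the name sent to the LDAP server is the same whether or not the user typed a domain qualifier.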
• Common LDAP Configuration—This table contains options that apply to all LDAP authentication performed using this configuration. Cisco Secure ACS uses the settings in this section regardless of whether the authentication is handled by the primary or secondary LDAP server. This table contains the following options:
– User Directory Subtree—The distinguished name (DN) for the subtree that contains all users. For example:
ou=organizational unit[,ou=next organizational unit]o=corporation.com