Chapter 11 Working with User Databases
Generic LDAP
11-26
User Guide for Cisco Secure ACS for Windows Server
78-14696-01, Version 3.1
– Group Attribute Name—The name of the attribute of the group record that contains the list of user records that are members of that group.
– Server Timeout—The number of seconds Cisco Secure ACS waits for a response from an LDAP server before determining that the connection with that server has failed.
– On Timeout Use Secondary—Whether Cisco Secure ACS performs failover of LDAP authentication attempts to the secondary LDAP server when the primary server times out. For more information about the LDAP failover feature, see LDAP Failover, page 11-20.
– Failback Retry Delay—The number of minutes Cisco Secure ACS waits, after the primary LDAP server has failed (timed out) on an authentication attempt, before it resumes sending authentication requests to the primary LDAP server first. Until that delay expires, requests go to the secondary server first. A value of 0 (zero) causes Cisco Secure ACS to always use the primary LDAP server first, even immediately after a failure.
• Primary and Secondary LDAP Servers—The Primary LDAP Server table and the Secondary LDAP Server table enable you to identify the LDAP servers and make settings that are unique to each. The Secondary LDAP Server table does not need to be completed if you do not intend to use LDAP failover. These tables contain the following options:
– Hostname—The name or IP address of the server that is running the LDAP software. If you are using DNS on your network, you can type the hostname instead of the IP address.
– Port—The TCP/IP port number on which the LDAP server is listening. The default is 389, as stated in the LDAP specification. If you do not know the port number, you can find this information by viewing those properties on the LDAP server. If you want to use secure authentication, port 636 (the conventional port for LDAP over SSL) is usually used. Changing the port alone does not make the connection secure; you must also select the Security option, described below, so that Cisco Secure ACS actually uses SSL on that port.
– LDAP Version—Whether Cisco Secure ACS uses LDAP version 3 or version 2 to communicate with your LDAP database. If this check box is selected, Cisco Secure ACS uses LDAP version 3. If it is not selected, Cisco Secure ACS uses LDAP version 2.
– Security—Whether Cisco Secure ACS uses SSL to provide more secure communication with the LDAP server. If you do not enable SSL, user credentials, including passwords, are passed to the LDAP server in clear text, and anyone able to observe the traffic between Cisco Secure ACS and the LDAP server can read them directly from the packets.
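To make the clear-text warning concrete, the following is an added example written for this edit; it is not code from the Cisco documentation or from Cisco Secure ACS. It encodes an LDAP v3 simple BindRequest in BER exactly as RFC 4511 defines it, then parses the resulting bytes the way a passive observer on port 389 would, recovering the bind DN and password verbatim. The DN and password are constructed sample values, and the encoder and decoder are a minimal hand-written pair rather than a production LDAP library.

```python
"""Added example: what an LDAP simple bind looks like on the wire without SSL.

Hand-rolled BER encoder/decoder for the RFC 4511 BindRequest with the
'simple' AuthenticationChoice. Not Cisco code; the DN and password below
are constructed sample values.
"""

# Tags used by BindRequest (RFC 4511, section 4.2)
TAG_SEQUENCE = 0x30        # LDAPMessage and BindRequest bodies
TAG_INTEGER = 0x02         # messageID, version
TAG_OCTET_STRING = 0x04    # LDAPDN
TAG_BIND_REQUEST = 0x60    # [APPLICATION 0] constructed
TAG_SIMPLE_AUTH = 0x80     # AuthenticationChoice simple [0] OCTET STRING
TAG_SASL_AUTH = 0xA3       # AuthenticationChoice sasl [3] SEQUENCE


def _encode_length(n: int) -> bytes:
    """BER definite length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def _tlv(tag: int, body: bytes) -> bytes:
    """Tag, length, value."""
    return bytes([tag]) + _encode_length(len(body)) + body


def _integer(n: int) -> bytes:
    """Non-negative INTEGER; a leading 0x00 keeps the sign bit clear."""
    body = n.to_bytes(max(1, (n.bit_length() + 8) // 8), "big")
    return _tlv(TAG_INTEGER, body)


def build_simple_bind(message_id: int, dn: str, password: str, version: int = 3) -> bytes:
    """Encode LDAPMessage { messageID, BindRequest { version, name, simple password } }."""
    bind = (_integer(version)
            + _tlv(TAG_OCTET_STRING, dn.encode("utf-8"))
            + _tlv(TAG_SIMPLE_AUTH, password.encode("utf-8")))
    return _tlv(TAG_SEQUENCE, _integer(message_id) + _tlv(TAG_BIND_REQUEST, bind))


def _read_tlv(buf: bytes, pos: int):
    """Return (tag, value, position just after the element)."""
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:
        count = first & 0x7F
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    else:
        length = first
    if pos + length > len(buf):
        raise ValueError("truncated BER element")
    return tag, buf[pos:pos + length], pos + length


def parse_simple_bind(msg: bytes) -> dict:
    """Decode a captured LDAPMessage; the password comes back verbatim."""
    tag, seq, _ = _read_tlv(msg, 0)
    if tag != TAG_SEQUENCE:
        raise ValueError("not an LDAPMessage")
    _, mid, pos = _read_tlv(seq, 0)
    tag, bind, _ = _read_tlv(seq, pos)
    if tag != TAG_BIND_REQUEST:
        raise ValueError("not a BindRequest")
    _, ver, pos = _read_tlv(bind, 0)
    _, dn, pos = _read_tlv(bind, pos)
    tag, auth, _ = _read_tlv(bind, pos)
    if tag != TAG_SIMPLE_AUTH:
        raise ValueError("not a simple bind (SASL credentials are encoded differently)")
    return {
        "message_id": int.from_bytes(mid, "big"),
        "version": int.from_bytes(ver, "big"),
        "dn": dn.decode("utf-8"),
        "password": auth.decode("utf-8"),
    }


def password_on_wire(msg: bytes, password: str) -> bool:
    """True when the raw password bytes appear unchanged in the packet payload."""
    return password.encode("utf-8") in msg


if __name__ == "__main__":
    # Constructed sample values, not real credentials.
    packet = build_simple_bind(1, "cn=acs-bind,ou=svc,dc=example,dc=com", "S3cret!")
    print(packet.hex(" "))
    print(parse_simple_bind(packet))
```

With the Security option cleared, a capture of the Cisco Secure ACS to LDAP server traffic on port 389 contains these same bytes, and the DN and password fields can be cut out of it exactly as parse_simple_bind does. Selecting the Security option wraps the identical BindRequest in SSL, so an observer sees only ciphertext; the LDAP message itself is unchanged, which is why the port number alone says nothing about whether credentials are protected.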