Cisco Systems CSACS3415K9 Manual De Usuario
8-32
User Guide for Cisco Secure Access Control System 5.4
OL-26225-01
Chapter 8 Managing Users and Identity Stores
Managing External Identity Stores
Step 2
Click Finish.
The external identity store that you created is saved.
Username Prefix\Suffix Stripping
Strip start of subject name
up to the last occurrence of
the separator
up to the last occurrence of
the separator
Enter the appropriate text to remove domain prefixes from usernames.
If, in the username, ACS finds the delimiter character that is specified in the start_string box,
it strips all characters from the beginning of the username through the delimiter character.
it strips all characters from the beginning of the username through the delimiter character.
If the username contains more than one of the characters that are specified in the start_string
box, ACS strips characters through the last occurrence of the delimiter character. For example,
if the delimiter character is the backslash (\) and the username is DOMAIN\echamberlain,
ACS submits echamberlain to an LDAP server.
box, ACS strips characters through the last occurrence of the delimiter character. For example,
if the delimiter character is the backslash (\) and the username is DOMAIN\echamberlain,
ACS submits echamberlain to an LDAP server.
The start_string cannot contain the following special characters: the pound sign (#), the
question mark (?), the quote (“), the asterisk (*), the right angle bracket (>), and the left angle
bracket (<). ACS does not allow these characters in usernames. If the X box contains any of
these characters, stripping fails.
question mark (?), the quote (“), the asterisk (*), the right angle bracket (>), and the left angle
bracket (<). ACS does not allow these characters in usernames. If the X box contains any of
these characters, stripping fails.
Strip end of subject name
from the first occurrence of
the separator
from the first occurrence of
the separator
Enter the appropriate text to remove domain suffixes from usernames.
If, in the username, ACS finds the delimiter character that is specified in the Y box, it strips
all characters from the delimiter character through the end of the username.
all characters from the delimiter character through the end of the username.
If the username contains more than one of the character specified in the Y box, ACS strips
characters starting with the first occurrence of the delimiter character. For example, if the
delimiter character is the at symbol (@) and the username is jwiedman@domain, then ACS
submits jwiedman to an LDAP server.
characters starting with the first occurrence of the delimiter character. For example, if the
delimiter character is the at symbol (@) and the username is jwiedman@domain, then ACS
submits jwiedman to an LDAP server.
The end_string box cannot contain the following special characters: the pound sign (#), the
question mark (?), the quote ("), the asterisk (*), the right angle bracket (>), and the left angle
bracket (<). ACS does not allow these characters in usernames. If the end_string box contains
any of these characters, stripping fails.
question mark (?), the quote ("), the asterisk (*), the right angle bracket (>), and the left angle
bracket (<). ACS does not allow these characters in usernames. If the end_string box contains
any of these characters, stripping fails.
MAC Address Format
Search for MAC Address in
Format <format>
Format <format>
MAC addresses in internal identity stores are stored in the format xx-xx-xx-xx-xx-xx. MAC
addresses in LDAP databases can be stored in different formats. However, when ACS receives
a host lookup request, ACS converts the MAC address from the internal format to the format
that is specified in this field.
addresses in LDAP databases can be stored in different formats. However, when ACS receives
a host lookup request, ACS converts the MAC address from the internal format to the format
that is specified in this field.
Use the drop-down list box to enable search for MAC addresses in a specific format, where
<format> can be any one of the following:
<format> can be any one of the following:
•
xxxxxxxxxxxx
•
xx-xx-xx-xx-xx-xx
•
xx:xx:xx:xx:xx:xx
•
xxxx.xxxx.xxxx
The format you select must match the format of the MAC address stored in the LDAP server.
Table 8-8
LDAP: Directory Organization Page (continued)
Option
Description