Cisco Systems 3.3 Manual De Usuario
13-51
User Guide for Cisco Secure ACS for Windows Server
78-16592-01
Chapter 13 User Databases
Novell NDS Database
For users to authenticate against a Novell NDS database, Cisco Secure ACS must
be correctly configured to recognize the Novell NDS structure. Cisco Secure ACS
supports up to twenty Novell NDS trees. Each Novell NDS tree configuration can
support a list of user contexts. For a user to authenticate against a Novell NDS
context, the applicable user object must exist in one of the contexts provided and
the user password must be able to log the name into the tree.
be correctly configured to recognize the Novell NDS structure. Cisco Secure ACS
supports up to twenty Novell NDS trees. Each Novell NDS tree configuration can
support a list of user contexts. For a user to authenticate against a Novell NDS
context, the applicable user object must exist in one of the contexts provided and
the user password must be able to log the name into the tree.
User Contexts
You must supply one or more contexts when you configure Cisco Secure ACS to
authenticate with an NDS database; however, users can supply an additional
portion of the full context that defines their fully qualified usernames. In other
words, if none of the contexts in the list of contexts contains a username submitted
for authentication, the username must specify exactly how they are subordinate to
the contexts in the list of contexts. The user specifies the manner in which a
username is subordinate to a context by providing the additional context
information needed to uniquely identify the user in the NDS database.
authenticate with an NDS database; however, users can supply an additional
portion of the full context that defines their fully qualified usernames. In other
words, if none of the contexts in the list of contexts contains a username submitted
for authentication, the username must specify exactly how they are subordinate to
the contexts in the list of contexts. The user specifies the manner in which a
username is subordinate to a context by providing the additional context
information needed to uniquely identify the user in the NDS database.
Consider the following example tree:
[Root] whose treename=ABC
OU=ABC-Company
OU=sales
CN=Agamemnon
OU=marketing
CN=Odysseus
OU=marketing-research
CN=Penelope
OU=marketing-product
CN=Telemachus
If the context list configured in Cisco Secure ACS were:
ABC-Company,sales.ABC-Company
Agamemnon would successfully authenticate if he submitted “Agamemnon.sales”
as his username. If he submitted only “Agamemnon”, authentication would fail.
as his username. If he submitted only “Agamemnon”, authentication would fail.
lists the users given in the example tree and the username with context
that would allow each user to authenticate successfully.