Cisco Secure ACS 3.0 for Windows 2000/NT Servers User Guide
78-13751-01, Version 3.0
Chapter 11 Working with User Databases
Generic LDAP
Cisco Secure ACS Authentication Process with a Generic LDAP User Database
Cisco Secure ACS forwards user authentication requests to an LDAP database in
one of two scenarios. The first scenario is when the user’s account in the
CiscoSecure user database lists an LDAP configuration as the authentication
method. The second is when the user is unknown to the CiscoSecure user database
and the Unknown User Policy dictates that an LDAP database is the next external
user database to try.
In either case, Cisco Secure ACS forwards the username and password to the
LDAP database. The LDAP database either passes or fails the authentication
request from Cisco Secure ACS. Upon receiving the response from the LDAP
database, Cisco Secure ACS instructs the requesting AAA client to grant or deny
the user access, depending upon the response from the LDAP server.
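The routing and pass/fail relay described above can be modeled as follows; this is an added example, not Cisco Secure ACS code or configuration. All names (`route`, `authenticate`, `fake_ldap`, the `ldap-hq` and `ldap-lab` configurations, the sample users) are hypothetical, and it assumes a known user is answered only by the method its account lists. It also rejects empty passwords before forwarding, because RFC 4513 treats a simple bind with a name and an empty password as an unauthenticated bind that some servers report as a success.

```python
from typing import Callable, Dict, List, Optional, Tuple

# Hypothetical model of the flow described above; not Cisco Secure ACS code.
Backend = Callable[[str, str], bool]   # True = the database passed the request

def fake_ldap(directory: Dict[str, str]) -> Backend:
    """Constructed stand-in for an LDAP server's bind result."""
    def check(user: str, password: str) -> bool:
        if user in directory and password == "":
            return True   # models a server that accepts unauthenticated binds
        return directory.get(user) == password
    return check

def route(user: str, accounts: Dict[str, str], unknown_policy: List[str]) -> List[str]:
    """Databases allowed to answer for this user, in order."""
    if user in accounts:
        return [accounts[user]]      # scenario 1: the account names its method
    return list(unknown_policy)      # scenario 2: Unknown User Policy order

def authenticate(user: str, password: str, accounts: Dict[str, str],
                 backends: Dict[str, Backend],
                 unknown_policy: List[str]) -> Tuple[str, Optional[str]]:
    if not password:
        return ("deny", None)        # never forward an empty password to LDAP
    for name in route(user, accounts, unknown_policy):
        check = backends.get(name)
        if check is not None and check(user, password):
            return ("grant", name)   # relay the pass to the AAA client
    return ("deny", None)            # a fail, or no database left to try

# Constructed sample data.
BACKENDS = {
    "ldap-hq": fake_ldap({"alice": "hq-secret"}),
    "ldap-lab": fake_ldap({"alice": "lab-secret", "bob": "bob-secret"}),
}
ACCOUNTS = {"alice": "ldap-hq"}      # alice is known and tied to ldap-hq
POLICY = ["ldap-hq", "ldap-lab"]     # order tried for unknown users

if __name__ == "__main__":
    for u, p in [("alice", "hq-secret"), ("alice", "lab-secret"),
                 ("bob", "bob-secret"), ("alice", "")]:
        print(u, repr(p), authenticate(u, p, ACCOUNTS, BACKENDS, POLICY))
```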
Cisco Secure ACS grants authorization based on the Cisco Secure ACS group to
which the user is assigned. While the group to which a user is assigned can be
determined by information from the LDAP server, it is Cisco Secure ACS that
grants authorization privileges. See