On the controller you just have to select 802.1x under layer 2 security. And on the ACS server, under global authentication setup ensure that LEAP is selected. And the user database should be created on the ACS. If all this is done, and the ACS server is reachable from the WLC, the authentication should happen without any issues.