Cisco ACS LDAP support

Unanswered Question
Jun 9th, 2009

Does Cisco ACS support the search scope functionality? We are trying to get ACS to go to a specific container and if the user is not found there, to search the OUs in the structure to see if it is there.

Thank you,


dpatkins Wed, 06/17/2009 - 13:04

I should clarify this. I am trying to use Cisco ACS 4.2, generic LDAP and Active Directory. My issue is that I can actually create the OU=mygroup,DC=Windows,DC=mydomain,DC=edu. I can authenticate just fine using the test aaa-server option on an ASA. What I would like to be able to do is use a wildcard in the OU so it will search through the structure to find the users that have these generic LDAP attributes:

User Directory Subtree - OU=mygroup,DC=Windows,DC=mydomain,DC=edu

Group Directory Subtree - DC=Windows,DC=mydomain,DC=edu

UserObjectType - sAMAcountName

UserObjectClass - person

GroupObjectType - cn

GroupObjectClass - group

Group Attribute Name - memberof

Basically what I would like is for it to look at the group subtree and search all the sAMAccountNames in each group in the entire structure.

Am I on the right track? I have been working on this for quite a while and I am by no means an LDAP expert. I am not sure if I have the correct Common LDAP Configuration for AD, but I am sure that it is pretty standard across the board.

Thank you for your help.
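Added illustration, not part of the original post and not Cisco ACS code: a small Python model of LDAP search scopes (base, one-level, subtree per RFC 4511), showing a lookup that tries the specific container first and then falls back to the whole domain. It assumes the User Directory Subtree value is used as the search base DN; the OU names `staff` and `labs`, the user entries, and all function names are constructed for the example.

```python
# Added illustration: LDAP search scopes (RFC 4511) modelled over a constructed
# directory. Base DNs come from the post; OU names "staff"/"labs" and all
# entries are constructed sample data.
USER_BASE = "OU=mygroup,DC=Windows,DC=mydomain,DC=edu"
DOMAIN_BASE = "DC=Windows,DC=mydomain,DC=edu"

DIRECTORY = {
    "CN=Alice," + USER_BASE: {"objectClass": "person", "sAMAccountName": "alice"},
    "CN=VPN Users," + USER_BASE: {"objectClass": "group", "cn": "VPN Users"},
    "CN=Bob,OU=staff," + DOMAIN_BASE: {"objectClass": "person", "sAMAccountName": "bob"},
    "CN=Carol,OU=labs,OU=staff," + DOMAIN_BASE: {"objectClass": "person", "sAMAccountName": "carol"},
}

def parse_dn(dn):
    """Split a DN into lower-cased RDNs (assumes no escaped commas)."""
    return [rdn.strip().lower() for rdn in dn.split(",")]

def in_scope(entry_dn, base_dn, scope):
    """True if entry_dn is covered by `scope` ('base', 'one', 'sub') under base_dn."""
    entry, base = parse_dn(entry_dn), parse_dn(base_dn)
    depth = len(entry) - len(base)
    if depth < 0 or entry[depth:] != base:
        return False  # not at or below the base; the base is a literal DN, not a pattern
    if scope == "base":
        return depth == 0
    if scope == "one":
        return depth == 1
    if scope == "sub":
        return True
    raise ValueError("unknown scope: " + scope)

def find_user(username, base_dn, scope="sub"):
    """Model of the filter (&(objectClass=person)(sAMAccountName=<username>))."""
    return [dn for dn, attrs in DIRECTORY.items()
            if in_scope(dn, base_dn, scope)
            and attrs["objectClass"] == "person"
            and attrs.get("sAMAccountName", "").lower() == username.lower()]

def find_with_fallback(username, bases):
    """Search each base in order; stop at the first base that yields a match."""
    for base in bases:
        hits = find_user(username, base)
        if len(hits) > 1:
            raise LookupError("ambiguous user, refuse to authenticate")
        if hits:
            return base, hits[0]
    return None, None

if __name__ == "__main__":
    for user in ("alice", "bob", "carol"):
        print(user, find_with_fallback(user, [USER_BASE, DOMAIN_BASE]))
    print("wildcard base:", find_user("bob", "OU=*," + DOMAIN_BASE))
```

A base DN containing `*` is compared literally and matches nothing; the entries under every OU are reached by a subtree-scope search rooted at the domain DN. The ambiguity check matters for authentication: a wider base can return more than one entry for the same account name, and the lookup should fail rather than pick one.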


