New Member

Cisco ACS 5.2 authentication against multiple LDAP servers

Hi Folks,

I have a wireless network that uses ACS 5.2 to handle authentication. The ACS is integrated with an Active Directory LDAP server (my_ldap) and is working correctly at the moment. The authentication flow looks like this:

 - User tries to associate to WLAN

 - Authentication request is sent to ACS

 - Service selection rule chooses an access-policy (wireless_access_policy)

 - wireless_access_policy is configured to use my_ldap as identity source.


A sister company is about to move into our offices, and will need access to the same WLAN. Users in the sister company are members of a separate AD domain (sister_company_ldap). I would like to modify the wireless_access_policy so that when it receives an authentication request it will query both my_ldap and sister_company_ldap, and return a passed authentication if either attempt is successful. Is this possible?



New Member

Assuming you're already authenticating using your AD binding and AD1 as your identity source, you can add a further LDAP server as another identity source and add this to your identity store sequence in your access policy to authenticate against both.

You can also add multiple LDAP servers and add them both to the identity store sequence (if you're not using AD1).
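As an added example (not part of the thread and not ACS code), the Python model below shows the "pass if either store accepts" behaviour the question asks for, with a per-store trail that records which directory accepted the login. The outcome names, the `make_store` and `authenticate` helpers, and the sample users are assumptions made for illustration; the dictionaries are constructed stand-ins for my_ldap and sister_company_ldap.

```python
import hmac
from enum import Enum

class Outcome(Enum):
    PASSED = "passed"
    BAD_PASSWORD = "bad_password"
    NOT_FOUND = "not_found"
    UNREACHABLE = "unreachable"

# Constructed sample directories standing in for the two LDAP servers.
MY_LDAP = {"alice": "correct-horse", "jsmith": "pw-from-my-domain"}
SISTER_LDAP = {"bob": "battery-staple", "jsmith": "pw-from-sister-domain"}

def make_store(name, users, reachable=True):
    """Return (name, check) where check models one bind attempt (hypothetical helper)."""
    def check(username, password):
        if not reachable:
            return Outcome.UNREACHABLE
        if username not in users:
            return Outcome.NOT_FOUND
        ok = hmac.compare_digest(users[username], password)
        return Outcome.PASSED if ok else Outcome.BAD_PASSWORD
    return name, check

def authenticate(sequence, username, password):
    """Try each store in order and pass if any accepts.

    Returns (passed, accepting_store, trail). Anything other than PASSED,
    including an unreachable store, moves on to the next store; if no store
    accepts, the result is a failure (fail closed).
    """
    trail = []
    for name, check in sequence:
        outcome = check(username, password)
        trail.append((name, outcome))
        if outcome is Outcome.PASSED:
            return True, name, trail
    return False, None, trail

if __name__ == "__main__":
    seq = [make_store("my_ldap", MY_LDAP),
           make_store("sister_company_ldap", SISTER_LDAP)]
    # "jsmith" exists in both directories: the first store records a failed
    # attempt before the second one accepts the sister-domain password.
    for user, pw in [("bob", "battery-staple"), ("jsmith", "pw-from-sister-domain")]:
        print(user, authenticate(seq, user, pw))
```

In this model a username present in both directories is accepted with either domain's password, so the trail is what tells an auditor which directory vouched for the session.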