Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

CISCO ACS 5.x and LDAP Feature question

Hi all,

following scenario:

for a user to authnticate we make an ldap query quering also the groups where the user is in.

The user can be in multiple groups and for every group where the user is in, we want to send a separate class-attribute

 

example:

user1 = member of group1and group3

the RADIUS-Client should receive then Class=group1, Class=group3,

...

In ACS 5.2 only the first matching group will be sent as class-attribute, in the example the RADIUS-Client receives only Class=group1

 

Log message:

"24101 Some of the retrieved attributes contain multiple values. These values are discarded. The default values, if configured, will be used for these attributes."

 

 

Is that functionality working anywhere with a newer ACS 5 Version ?

 

Thanks

 

Volker

Everyone's tags (1)
1 REPLY

Hey Volker,Multi value

Hey Volker,

Multi value attribute included in ACS 5.5.

http://www.cisco.com/c/en/us/td/docs/net_mgmt/cisco_secure_access_control_system/5-5/user/guide/acsuserguide/users_id_stores.html#pgfId-1426893

Rate if Useful :)

Sharing knowledge makes you Immortal.

Regards,

Ed

 

63
Views
0
Helpful
1
Replies
CreatePlease login to create content