RDBMS functionalities

leoni · ‎10-11-2006

Hi All,

Is it possible to create an LDAP database configuration and the related db group mapping via RDBMS on ACS windows version (Release 4.0(1) Build 27)?

What I'm trying to do is maintaing the ACS configuration dynamically up to date with an external Oracle DB.

Thank and Best Regards,

Leo

darpotter · ‎10-11-2006

If I understand it right, you want to authenticate via LDAP but do group mapping from ODBC?

This isnt possible with ACS as group mapping is performed by the external authenticator - in your case LDAP.

However, your last sentance about maintaining groups via ODBC is possible using the RDBMS Sync feature of ACS. Refer to

http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_user_guide_chapter09186a008052e972.html#wp756992

Darran

leoni · ‎10-12-2006

In our environment we'll be having users authenticating via the internal ACS DB and others via LDAP.

The ones authenticating via LDAP will be divided in different groups and for each group we'll have an LDAP DB config in ACS.

LDAP sends the OK to ACS only if the user to be authenticated exists in the "User Directory Subtree" AND belongs to the "Group Directory Subtree", right? But once ACS got the OK it has to know how to deal with the user, giving him access to devices he can access, and rights. This task is done with "External User Databases -> Database Group Mappings", and it's what I'd like to do automatically with RDBMS.

Is my understanding of the LDAP authentication process wrong? If yes, what do I exaclty do wrong?

If I'm not wrong, will this work with RDBMS?

Thanks