06-10-2013 04:32 AM - edited 03-10-2019 08:31 PM
I've successfully integrated ACS 5.3 with Active Directory for 802.1x implementation. Now I want to cache Active Directory users in ACS so that the user request from ACS does not go to AD every time.
After a certain time period the ACS database gets synced with AD.
Regards,
SJSJ
06-10-2013 07:10 AM
Dynamic users only existed in ACS 4.x and don't exist in 5.x. In 4.x they were created with a pointer to the external user database that contained the password. This way we didn't have to determine what external db they were in every time we got a request from that user. We do not store a password in ACS (unless it's an internal user).
Anytime you make changes to your external user databases all dynamic users are flushed since they could possibly map to a different external db after the changes.
However, ACS 5.x does cache the group membership info for some time.
Jatin Katyal
- Do rate helpful posts -
06-11-2013 09:50 PM
Thanks for the info.
Can you please share any Cisco document related to this?
Also please let me know if there is any workaround to achieve this.
Regards,
SJSJ
06-12-2013 01:34 AM
Sure!!! Take a look here:
From the Cisco doc:
Identity store lists, provided by the unknown user policy in ACS 3.x and 4.x, are configured using identity store sequences in ACS 5.2. There is no concept of a dynamic user in ACS 5.2.
Unfortunately, there is no workaround.
Jatin Katyal
- Do rate helpful posts -