
ACS 5.3 Active Directory Users Cache

SJ SJ
Level 1

I've successfully integrated ACS 5.3 with Active Directory for 802.1x implementation. Now I want to cache Active Directory users in ACS so that the user request from ACS does not go to AD every time.

After a certain time period the ACS database gets synced with AD.

Regards,

SJSJ

3 Replies

Jatin Katyal
Cisco Employee

Dynamic users only existed in ACS 4.x and don't in 5.x. In 4.x they were created with a pointer to the external user database that contained the password. This way we didn't have to determine what external db they were in every time we got a request from that user. We do not store a password in ACS (unless it's an internal user).

Anytime you make changes to your external user databases all dynamic users are flushed since they could possibly map to a different external db after the changes.

However, ACS 5.x does cache the group membership info for some time.

Jatin Katyal
- Do rate helpful posts -

~Jatin

Thanks for the info.

Can you please share any Cisco document related to this?

Also please let me know if there is any workaround to achieve this.

Regards,

SJSJ

Sure!!! Take a look here:

From the Cisco doc:

Identity store lists, provided by the unknown user policy in ACS 3.x and 4.x, are configured using identity store sequences in ACS 5.2. There is no concept of a dynamic user in ACS 5.2.

http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_system/5.2/migration/guide/Migration_Configure.html

Unfortunately there is no workaround.

Jatin Katyal
- Do rate helpful posts -

~Jatin