02-23-2016 01:47 AM - edited 03-10-2019 11:30 PM
Hello Cisco Community,
Our security team wanted to synchronize our ACS with LDAP / AD / RSA for dual security purposes.
We would like to request assistance if:
1. this is possible on our current setup and ACS model
2. is it possible to make it Active – Active? Current setup is Active – Standby
3. are there any bugs regarding the current installed version for this configuration?
4. check how many user accounts it can accommodate
02-23-2016 08:19 AM
Are you trying to set up internal and external databases for failover purposes? This can be done, but only in active-standby mode. For example, if the user is not found in the internal DB, then the next DB in the identity store sequence can be queried. Let me know if we are on the same page.
~ Jatin
02-23-2016 04:45 PM
Our security team wanted to synchronize our ACS with LDAP / AD / RSA for dual security purposes. Is this possible on our current setup (active-standby) and in ACS 5.4.0.46.5?
02-27-2016 09:10 AM
Hi,
As Jatin has suggested, set up LDAP\Internal\AD integration, create an identity store sequence which is rule-based according to your preference, and then user lookup is performed according to the sequence. Active-standby in this context refers to the identity sequence and not the ACS cluster.
Take care of timers per authentication method if you plan to use a sequence.