LDAP or AD for External Database - Secure ACS 5.2

dcountryman68
Level 4

I am working on a project with Secure ACS 5.2. I am trying to determine the proper External Database to use. LDAP or direct to AD?

Additionally, the domain that I am connecting to has multiple sub domains. All of the users are currently in the sub domains, but will be moving to the root domain later. How should I configure the connection? Do I need to connect to each sub domain, or can I just connect to the root?

Thank you

1 Accepted Solution

Tarik Admani
VIP Alumni

Hi,

If you are using PEAP (MSCHAPv2) [password-based authentication], your best bet is to bind ACS to AD, since PEAP-MSCHAPv2 is a hashing mechanism that is only supported when you bind to AD; it will not work if you use LDAP integration.

Your best option is to connect ACS to the root domain so it can use the transitive trusts to find the information in its subdomains.

Thanks,

Tarik Admani
*Please rate helpful posts*

2 Replies

Thank you very much for the reply.