dcountryman68
Enthusiast

LDAP or AD for External Database - Secure ACS 5.2

I am working on a project with Secure ACS 5.2. I am trying to determine the proper External Database to use. LDAP or direct to AD?

Additionally, the domain that I am connecting to has multiple subdomains. All of the users are currently in the subdomains, but will be moving to the root domain later. How should I configure the connection? Do I need to connect to each subdomain, or can I just connect to the root?

Thank you

1 ACCEPTED SOLUTION

Accepted Solutions
Tarik Admani
Advocate

Hi,

If you are using PEAP (MSCHAPv2) [password-based authentication], your best bet is to bind ACS to AD, since PEAP-MSCHAPv2 is a hashing mechanism that is only supported when you bind to AD; it will not work if you use LDAP integration.

Your best option is to connect ACS to the root domain so it can use the transitive trusts to find the information in its subdomains.

Thanks,

Tarik Admani
*Please rate helpful posts*

Thank you very much for the reply.
