User Guide for Cisco Secure ACS for Windows Server
Chapter 13 User Databases
Generic LDAP
Strip domain before submitting username to LDAP server—When
“Only process usernames that are domain qualified” is selected, this
option specifies whether Cisco Secure ACS removes the domain qualifier
and its delimiting character before submitting a username to an LDAP
server. For example, if the username is “jwiedman@domain.com”, the
stripped username is “jwiedman”.
Process all usernames after stripping domain name and
delimiter—When this option is selected, Cisco Secure ACS submits all
usernames to an LDAP server after attempting to strip domain names.
Usernames that are not domain qualified are processed, too. Domain
name stripping occurs as specified by the following two options.
Strip starting characters through the last X character—When
“Process all usernames after stripping domain name and delimiter” is
selected, this option specifies that Cisco Secure ACS attempts to strip a
prefixed domain qualifier. If, in the username, Cisco Secure ACS finds
the delimiter character that is specified in the X box, it strips all
characters from the beginning of the username through the delimiter
character. If the username contains more than one of the characters
specified in the X box, Cisco Secure ACS strips characters through the
last occurrence of the delimiter character.
For example, if the delimiter character is “\” and the username is
“DOMAIN\echamberlain”, Cisco Secure ACS submits “echamberlain”
to an LDAP server.
Note The X box cannot contain the following special characters:
# ? " * > <
Cisco Secure ACS does not allow these characters in usernames;
therefore, if any of these characters are in the X box, stripping fails.
Strip ending characters through the first Y character—When
“Process all usernames after stripping domain name and delimiter” is
selected, this option specifies that Cisco Secure ACS attempts to strip a
suffixed domain qualifier. If, in the username, Cisco Secure ACS finds
the delimiter character that is specified in the Y box, it strips all
characters from the delimiter character through the end of the username.
If the username contains more than one of the character specified in the
Y box, Cisco Secure ACS strips characters starting with the first
occurrence of the delimiter character.