If a system is configured for a supported remote authentication service, you must create a provider for that service to ensure that Prime Network Services Controller and the system configured with the service can communicate.
User Accounts in Remote Authentication Services
You can create user accounts in Prime Network Services Controller or in the remote authentication server.
The temporary sessions for users who log in through remote authentication services can be viewed through the Prime Network Services Controller GUI.
User Roles and Locales in Remote Authentication Services
If you create user accounts in the remote authentication server, you must ensure that the accounts include the roles and locales those users require for working in Prime Network Services Controller and that the names of those roles and locales match the names used in Prime Network Services Controller. If an account does not have the required roles and locales, the user is granted only read-only privileges.
LDAP Attribute for User
In Prime Network Services Controller, the LDAP attribute that holds the LDAP user roles and locales is preset. This attribute is always a name-value pair. For example, by default CiscoAvPair specifies the role and locale information for the user. If a filter is specified, the LDAP search is restricted to those values that match the defined filter. By default, the filter is sAMAccountName=$userid. The user can change these values to match the setting on the LDAP server. When a user logs in, Prime Network Services Controller checks the value of the attribute when it queries the remote authentication service and validates the user. The value should be identical to the
An example of LDAP property settings is as follows:
- Base DN—DC=cisco, DC=com (The specific location in the LDAP hierarchy where Prime Network Services Controller starts the query for the LDAP user.)
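
The following Python sketch is an added example, not Cisco code. It fills the default filter sAMAccountName=$userid with an RFC 4515-escaped login name, then checks an account's attribute value against the role and locale names defined in the controller. The shell:roles/shell:locales value layout, the case-sensitive comparison, the "no matching role means read-only" rule, and all sample names are assumptions.

```python
import re
from string import Template

# RFC 4515 escapes for characters that have meaning inside a search filter.
_ESCAPES = {"\\": "\\5c", "*": "\\2a", "(": "\\28", ")": "\\29", "\x00": "\\00"}


def build_filter(template: str, userid: str) -> str:
    """Fill $userid in the filter template with an escaped login name."""
    escaped = "".join(_ESCAPES.get(ch, ch) for ch in userid)
    return Template(template).substitute(userid=escaped)


def parse_av_pair(value: str) -> dict:
    """Split an attribute value into {'roles': [...], 'locales': [...]}.

    Assumed layout (not given on the page): shell:roles="a,b" shell:locales="x,y"
    """
    found = dict(re.findall(r'shell:(roles|locales)="([^"]*)"', value))
    return {key: [n.strip() for n in found.get(key, "").split(",") if n.strip()]
            for key in ("roles", "locales")}


def audit_account(av_pair: str, known_roles: set, known_locales: set) -> dict:
    """Report which directory names match the controller's names exactly."""
    parsed = parse_av_pair(av_pair)
    roles = [r for r in parsed["roles"] if r in known_roles]
    locales = [n for n in parsed["locales"] if n in known_locales]
    unmatched = [r for r in parsed["roles"] if r not in known_roles]
    unmatched += [n for n in parsed["locales"] if n not in known_locales]
    # Assumed model of the page's rule: no usable role leaves read-only access.
    return {"roles": roles, "locales": locales,
            "unmatched": unmatched, "read_only": not roles}


# Constructed sample data; the role and locale names are hypothetical.
KNOWN_ROLES = {"admin", "network"}
KNOWN_LOCALES = {"sanjose"}
SAMPLE = 'shell:roles="network,Admin" shell:locales="sanjose"'

if __name__ == "__main__":
    print(build_filter("sAMAccountName=$userid", "a.smith(ops)*"))
    print(audit_account(SAMPLE, KNOWN_ROLES, KNOWN_LOCALES))
```

Names reported under "unmatched" are the ones to correct in the directory or in the controller before the user logs in.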