Submitted ideas will be evaluated by our product teams for upcoming releases and will be responded to so you know where things stand. For product support, please use the community forums or contact TAC.
NOTE: All Cisco employees & Channel Partners must enter Ideas through this Ideas Portal.
Please consider enhancement of this function, to allow for the following:
Allow users defined on Network Server, with access level 'Network Admin' (NA) to have authentication performed via an external source (e.g. LDAP, RADIUS, etc)
External Authentication concept available on OCS is probably not suitable here, as there is no OCS layer bolted into NS for it to decide to sub-delegate authentication/authorisation to
Allow NA users defined on Network Server to retrieve 'Privilege Scope' via an external source (e.g. LDAP, RADIUS, etc) by mapping attributes/groups/etc that can be returned from the external source to the internal levels (for LDAP), or to parse returned responses from RADIUS (expect them to be strings matching pre-defined scope levels)
Allow NA users to be dynamically looked up without definition on NS, if an end-user attempts to login with a specific realm/domain. e.g. pre-assign namespace of "@admin.users" such that anyone attempting to authenticate/authorise as "user@admin.users" will automatically trigger a query to the external source, retrieving authorisation data and attempting authentication
Allow any/all external data sources to be accessible with/without encryption, multiple service points (round-robin, load-balance, etc)
Stretch Goal: Make it work with all commands within all relevant *_CLI systems (ref: SR691403975) instead of some/most.
Thanks!