[c-nsp] Cisco ASA - LDAP Attribute map - IETF-Radius-Class - map-value
Jason Charlton
jasonch518 at gmail.com
Thu Nov 25 00:52:44 EST 2010
Hello,
I am trying to set up my ASA to do authentication for VPN users, where a
specific group-policy will be assigned based on the AD group membership.
I know this can be achieved through the below commands:
ldap attribute-map CISCOMAP
 map-name memberOf IETF-Radius-Class
 map-value memberOf CN=Test Users,OU=PlaceHolder,OU=Outside Contacts,OU=xedixxx,DC=xxxrite,DC=local
aaa-server LDAP protocol ldap
aaa-server LDAP (inside) host 192.16.32.194
 ldap-base-dn DC=xxxrite,DC=local
 ldap-scope subtree
 ldap-naming-attribute samAccountName
 ldap-login-password *
 ldap-login-dn CN=LDAP Reader,OU=Utility Accounts,OU=Information Technology,OU=xedixxx,DC=xxxrite,DC=local
 server-type auto-detect
 ldap-attribute-map CISCOMAP
group-policy Employees internal
group-policy Employees attributes
 wins-server value 10.10.19.249
 dns-server value 192.16.32.194 10.10.19.248
 vpn-simultaneous-logins 1
 vpn-tunnel-protocol svc
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value SSLVPN
 default-domain value xxx.local
 webvpn
  svc keep-installer installed
  svc ask enable default svc
The values have been changed to different names for this thread, but the
basics are the same. The issue I seem to be having is with the bold
portion, where I have spaces in my CN & OU names for the map-value. This is
an existing infrastructure, and it is not really feasible to change the CNs
& OUs to not have spaces. Are there any other workarounds? Is this fixed
in a later code? I am running 8.0(4).
There doesn't seem to be an issue with the spaces in the ldap-login-dn, just
with the map-value for IETF-Radius-Class.
Thanks for any help.
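As an added example (not from the poster or from Cisco), a small Python checker that tokenizes an ldap attribute-map block the way a space-delimited CLI does, flags map-value lines whose unquoted DN breaks into extra tokens, and resolves a user's memberOf DNs against the map; a user who matches nothing gets None, i.e. would be left with the default group-policy. Assumed: the map-value form `map-value <attr> <ldap-value> <cisco-value>` with the DN in double quotes, the Cisco-side value `Employees`, and exact string comparison of DNs.

```python
import shlex

# Constructed sample: the poster's map with the DN left unquoted, and the same map
# with the DN quoted. "Employees" as the Cisco-side value is an assumption.
UNQUOTED_MAP = """\
ldap attribute-map CISCOMAP
 map-name memberOf IETF-Radius-Class
 map-value memberOf CN=Test Users,OU=PlaceHolder,OU=Outside Contacts,OU=xedixxx,DC=xxxrite,DC=local Employees
"""
QUOTED_MAP = UNQUOTED_MAP.replace(
    "memberOf CN=Test Users,OU=PlaceHolder,OU=Outside Contacts,OU=xedixxx,DC=xxxrite,DC=local",
    'memberOf "CN=Test Users,OU=PlaceHolder,OU=Outside Contacts,OU=xedixxx,DC=xxxrite,DC=local"',
)


def parse_attribute_map(config_text):
    """Parse one ldap attribute-map block into (map_names, map_values, warnings).

    Tokenization mimics a space-delimited CLI: double quotes keep a value whole,
    an unquoted DN containing spaces is split into several tokens.
    """
    map_names = {}   # LDAP attribute -> Cisco attribute (e.g. IETF-Radius-Class)
    map_values = {}  # (LDAP attribute, LDAP value) -> Cisco value
    warnings = []
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        tokens = shlex.split(line)
        if tokens[0] == "map-name" and len(tokens) == 3:
            map_names[tokens[1]] = tokens[2]
        elif tokens[0] == "map-value":
            # Expected exactly: map-value <attr> <ldap-value> <cisco-value>
            if len(tokens) != 4:
                warnings.append(
                    f"map-value for {tokens[1]!r} parsed into {len(tokens) - 2} "
                    f"value tokens; quote the DN: {line}"
                )
                continue
            map_values[(tokens[1], tokens[2])] = tokens[3]
    return map_names, map_values, warnings


def resolve_group_policy(member_of, map_values, attr="memberOf"):
    """Return the Cisco value for the first matching memberOf DN, else None.

    Assumption: exact string comparison of DNs, no case folding.
    """
    for dn in member_of:
        hit = map_values.get((attr, dn))
        if hit is not None:
            return hit
    return None
```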