[c-nsp] Cisco ASA - LDAP Attribute map - IETF-Radius-Class - map-value
Jason Charlton
jasonch518 at gmail.com
Thu Nov 25 00:56:28 EST 2010
Sorry, the bold did not stick the first go around:
*map-value memberOf CN=Test Users,OU=PlaceHolder,OU=Outside Contacts,OU=xedixxx,DC=xxxrite,DC=local*
On Thu, Nov 25, 2010 at 12:52 AM, Jason Charlton <jasonch518 at gmail.com> wrote:
> Hello,
>
> I am trying to set up my ASA to do authentication for VPN users, where a
> specific group-policy will be assigned based on the AD group membership.
>
> I know this can be achieved through the below commands:
>
> ldap attribute-map CISCOMAP
> map-name memberOf IETF-Radius-Class
> map-value memberOf CN=Test Users,OU=PlaceHolder,OU=Outside Contacts,OU=xedixxx,DC=xxxrite,DC=local
>
>
> aaa-server LDAP protocol ldap
> aaa-server LDAP (inside) host 192.16.32.194
> ldap-base-dn DC=xxxrite,DC=local
> ldap-scope subtree
> ldap-naming-attribute samAccountName
> ldap-login-password *
> ldap-login-dn CN=LDAP Reader,OU=Utility Accounts,OU=Information Technology,OU=xedixxx,DC=xxxrite,DC=local
> server-type auto-detect
> ldap-attribute-map CISCOMAP
>
> group-policy Employees internal
> group-policy Employees attributes
> wins-server value 10.10.19.249
> dns-server value 192.16.32.194 10.10.19.248
> vpn-simultaneous-logins 1
> vpn-tunnel-protocol svc
> split-tunnel-policy tunnelspecified
> split-tunnel-network-list value SSLVPN
> default-domain value xxx.local
> webvpn
> svc keep-installer installed
> svc ask enable default svc
>
> The values have been changed to different names for this thread, but the
> basics are the same. The issue I seem to be having is with the bold
> portion, where I have spaces in my CN & OU names for the map-value. This is
> an existing infrastructure, and it is not really feasible to change the CNs
> & OUs to not have spaces. Are there any other workarounds? Is this fixed
> in a later code? I am running 8.0(4).
>
> There doesn't seem to be an issue with the spaces in the ldap-login-dn,
> just with the map-value for IETF-Radius-Class.
>
> Thanks for any help.
>