[c-nsp] Cisco ASA - LDAP Attribute map - IETF-Radius-Class - map-value
John Kougoulos
koug at intracom.gr
Thu Nov 25 04:08:38 EST 2010
On Thu, 25 Nov 2010, Jason Charlton wrote:
> I am trying to setup my ASA to do authentication for VPN useres, where
> specific group-policy will be assigned based on the AD group membership.
>
> I know this can be achieved though the below commands:
>
> ldap attribute-map CISCOMAP
> map-name memberOf IETF-Radius-Class
> map-value memberOf CN=Test Users,OU=PlaceHolder,OU=Outside
> Contacts,OU=xedixxx,DC=xxxrite,DC=local
>
>
> The values have been changed to different names for this thread, but the
> basics are the same. The issue I seem to be having is with the bold
> portion, where I have spaces in my CN & OU names for the map-value. This is
> an existing infrastructure, and it is not really feasible to change the CNs
> & OU's to not have spaces. Are there any other work arounds? Is this fixed
> in a later code? I am running 8.0(4).
>
I didn't understand what type of problem you see, but have you tried the
classic approaches?
eg. cn=Test\ Users
or "cn=Test Users"
or cn=Test%20Users
Regards,
John
More information about the cisco-nsp
mailing list