[c-nsp] Cisco ASA - LDAP Attribute map - IETF-Radius-Class - map-value

Ryan West rwest at zyedge.com
Thu Nov 25 08:54:40 EST 2010


The middle one with quotes will do the trick.  Try 'debug ldap 255' and 'test aaa autho .....' to see the output for testing. 

Sent from handheld 

On Nov 25, 2010, at 4:29 AM, "John Kougoulos" <koug at intracom.gr> wrote:

> 
> 
> On Thu, 25 Nov 2010, Jason Charlton wrote:
> 
>> I am trying to setup my ASA to do authentication for VPN useres, where
>> specific group-policy will be assigned based on the AD group membership.
>> 
>> I know this can be achieved though the below commands:
>> 
>> ldap attribute-map CISCOMAP
>> map-name  memberOf IETF-Radius-Class
>> map-value memberOf CN=Test Users,OU=PlaceHolder,OU=Outside
>> Contacts,OU=xedixxx,DC=xxxrite,DC=local
>> 
>> 
>> The values have been changed to different names for this thread, but the
>> basics are the same.  The issue I seem to be having is with the bold
>> portion, where I have spaces in my CN & OU names for the map-value.  This is
>> an existing infrastructure, and it is not really feasible to change the CNs
>> & OU's to not have spaces.  Are there any other work arounds?  Is this fixed
>> in a later code?  I am running 8.0(4).
>> 
> 
> I didn't understand what type of problem you see, but have you tried the classic approaches?
> 
> eg. cn=Test\ Users
> or  "cn=Test Users"
> or cn=Test%20Users
> 
> Regards,
> John
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/



More information about the cisco-nsp mailing list