https://community.cisco.com/t5/network-access-control/asa-ldap-authorization/m-p/701279#M422532 <P>Hello:</P><P></P><P>I have a LDAP server configured and authentication working just fine. My next goal is to provide SSL VPN services to some employees. Their Tunnel Group membership should depend upon their LDAP 'group' membership.</P><P></P><P>For example, our LDAP administrator has configured user entries like this:</P><P></P><P>dn: uid=jdoe,ou=People,o=company.com</P><P>givenName: John</P><P>sn: Doe</P><P>mail: <A href="mailto:jdoe@company.com" target="_blank">jdoe@company.com</A></P><P>objectClass: top</P><P>objectClass: person</P><P>objectClass: organizationalPerson</P><P>objectClass: inetOrgPerson</P><P>objectClass: inetorgpersonsub1</P><P>uid: jdoe</P><P>cn: John Doe</P><P>description: Employee</P><P>description: Information Systems</P><P></P><P></P><P>He seems to like to use 'description' instead of OU for some reason, but that's out of my control. I assume I need to perform some sort of LDAP Attribute mapping to make this happen.</P><P></P><P>In the above example, I would like to create a Tunnel Group called 'IS' on the ASA, and if a user has 'description: Information Systems' in the ir LDAP, they would be mapped to the 'IS' tunnel group.</P><P></P><P>Can someone shed some light?</P><P></P><P>Thanks!</P><P></P><P>Mark</P> Sun, 10 Mar 2019 21:49:26 GMT markbialik 2019-03-10T21:49:26Z https://community.cisco.com/t5/network-access-control/asa-ldap-authorization/m-p/701279#M422532 <P>Hello:</P><P></P><P>I have a LDAP server configured and authentication working just fine. My next goal is to provide SSL VPN services to some employees. Their Tunnel Group membership should depend upon their LDAP 'group' membership.</P><P></P><P>For example, our LDAP administrator has configured user entries like this:</P><P></P><P>dn: uid=jdoe,ou=People,o=company.com</P><P>givenName: John</P><P>sn: Doe</P><P>mail: <A href="mailto:jdoe@company.com" target="_blank">jdoe@company.com</A></P><P>objectClass: top</P><P>objectClass: person</P><P>objectClass: organizationalPerson</P><P>objectClass: inetOrgPerson</P><P>objectClass: inetorgpersonsub1</P><P>uid: jdoe</P><P>cn: John Doe</P><P>description: Employee</P><P>description: Information Systems</P><P></P><P></P><P>He seems to like to use 'description' instead of OU for some reason, but that's out of my control. I assume I need to perform some sort of LDAP Attribute mapping to make this happen.</P><P></P><P>In the above example, I would like to create a Tunnel Group called 'IS' on the ASA, and if a user has 'description: Information Systems' in the ir LDAP, they would be mapped to the 'IS' tunnel group.</P><P></P><P>Can someone shed some light?</P><P></P><P>Thanks!</P><P></P><P>Mark</P> Sun, 10 Mar 2019 21:49:26 GMT https://community.cisco.com/t5/network-access-control/asa-ldap-authorization/m-p/701279#M422532 markbialik 2019-03-10T21:49:26Z https://community.cisco.com/t5/network-access-control/asa-ldap-authorization/m-p/701280#M422534 <HTML><HEAD></HEAD><BODY><P>The SSL VPN Client (SVC) is a VPN tunneling technology that gives remote users the benefits of an IPSec VPN client without the need for network administrators to install and configure IPSec VPN clients on remote computers. REfer URL for SSL VPN Servies</P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/products/ps6120/products_configuration_guide_chapter09186a0080565910.html" target="_blank">http://www.cisco.com/en/US/products/ps6120/products_configuration_guide_chapter09186a0080565910.html</A></P></BODY></HTML> Wed, 08 Nov 2006 20:47:59 GMT https://community.cisco.com/t5/network-access-control/asa-ldap-authorization/m-p/701280#M422534 wong34539 2006-11-08T20:47:59Z