https://community.cisco.com/t5/network-access-control/radius-ldap-mapping-for-sgt/m-p/3709931#M492775 <P>Hello Team,</P> <P>It needs to be simple mistake, i had it working, now it's not working.</P> <P>I authorize user in LDAP which hits authz rule having the following authorization profile:</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Screen Shot 2018-09-19 at 23.36.53.png" style="width: 960px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/18917iD9D2C7FC9471D82F/image-size/large?v=v2&amp;px=999" role="button" title="Screen Shot 2018-09-19 at 23.36.53.png" alt="Screen Shot 2018-09-19 at 23.36.53.png" /></span></P> <P>Customer1_RODC is LDAP connection with physicalDeliveryOffice attribute:</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Screen Shot 2018-09-19 at 23.38.37.png" style="width: 999px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/18918iD644DD9F56146C09/image-size/large?v=v2&amp;px=999" role="button" title="Screen Shot 2018-09-19 at 23.38.37.png" alt="Screen Shot 2018-09-19 at 23.38.37.png" /></span></P> <P>Now when i do authorize user, i can see the following in auth logs:</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Screen Shot 2018-09-19 at 23.36.32.png" style="width: 999px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/18920i7E1D1360169303BA/image-size/large?v=v2&amp;px=999" role="button" title="Screen Shot 2018-09-19 at 23.36.32.png" alt="Screen Shot 2018-09-19 at 23.36.32.png" /></span></P> <P>Now - why value of physicalDeliveryOfficeName which is equal to 18 is not mapped ? And instead -01 is added to a string representation ?</P> <P>&nbsp;</P> <P>It was working fine, but probably i have lost connectivity to LDAP, but i have readed it along with attribute.</P> <P>Could you please confirm ?</P> <P>&nbsp;</P> <P>Thanks,</P> <P>Michal</P> <P>&nbsp;</P> Wed, 19 Sep 2018 21:43:49 GMT Michal Garcarz 2018-09-19T21:43:49Z https://community.cisco.com/t5/network-access-control/radius-ldap-mapping-for-sgt/m-p/3709931#M492775 <P>Hello Team,</P> <P>It needs to be simple mistake, i had it working, now it's not working.</P> <P>I authorize user in LDAP which hits authz rule having the following authorization profile:</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Screen Shot 2018-09-19 at 23.36.53.png" style="width: 960px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/18917iD9D2C7FC9471D82F/image-size/large?v=v2&amp;px=999" role="button" title="Screen Shot 2018-09-19 at 23.36.53.png" alt="Screen Shot 2018-09-19 at 23.36.53.png" /></span></P> <P>Customer1_RODC is LDAP connection with physicalDeliveryOffice attribute:</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Screen Shot 2018-09-19 at 23.38.37.png" style="width: 999px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/18918iD644DD9F56146C09/image-size/large?v=v2&amp;px=999" role="button" title="Screen Shot 2018-09-19 at 23.38.37.png" alt="Screen Shot 2018-09-19 at 23.38.37.png" /></span></P> <P>Now when i do authorize user, i can see the following in auth logs:</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="Screen Shot 2018-09-19 at 23.36.32.png" style="width: 999px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/18920i7E1D1360169303BA/image-size/large?v=v2&amp;px=999" role="button" title="Screen Shot 2018-09-19 at 23.36.32.png" alt="Screen Shot 2018-09-19 at 23.36.32.png" /></span></P> <P>Now - why value of physicalDeliveryOfficeName which is equal to 18 is not mapped ? And instead -01 is added to a string representation ?</P> <P>&nbsp;</P> <P>It was working fine, but probably i have lost connectivity to LDAP, but i have readed it along with attribute.</P> <P>Could you please confirm ?</P> <P>&nbsp;</P> <P>Thanks,</P> <P>Michal</P> <P>&nbsp;</P> Wed, 19 Sep 2018 21:43:49 GMT https://community.cisco.com/t5/network-access-control/radius-ldap-mapping-for-sgt/m-p/3709931#M492775 Michal Garcarz 2018-09-19T21:43:49Z https://community.cisco.com/t5/network-access-control/radius-ldap-mapping-for-sgt/m-p/3729373#M492776 <P>IIRC we need the entire RHS of cisco-av-pair as the value of the AD/LDAP attribute; e.g. <SPAN>Cisco:cisco-av-pair = AD1:description</SPAN>.</P> Sun, 21 Oct 2018 17:52:49 GMT https://community.cisco.com/t5/network-access-control/radius-ldap-mapping-for-sgt/m-p/3729373#M492776 hslai 2018-10-21T17:52:49Z