topic I having the same problem. I in Network Access Control

Can Cisco ASA work with spaces in LDAP DN string to authenticate and assign group policies?

charlesriley — Mon, 11 Mar 2019 04:40:24 GMT

I am having the hardest time getting a definitive answer to this; basically, I have a Cisco ASA firewall that is using AD via LDAP to authenticate users and assign them a group policy based on certain AD group memberships.

The problem I think I have is that due to how our AD forest is structured, I have spaces in the DN string, as shown below... I have tried enclosing the entire string in quotes, etc. - nothing seems to work. Basically, the string is not matched, and the users are assigned a non-matching default policy. Cisco TAC thinks it is due to the spaces (highlighted) but I am not sure sure.

Can some one please advise?

CN=VPN_SSL_SPLIT,OU=Grps - ACS,OU=Res - Groups,OU=BU - Vesna.Resources,DC=DOM1,DC=US,DC=LOCAL

Yeah It does work! All you

Jatin Katyal — Mon, 28 Apr 2014 14:12:02 GMT

Yeah It does work! All you need to have the DN with spaces in quotes like this:

ldap attribute-map LDAP-MAP
map-name memberOf IETF-Radius-Class
map-value memberOf "CN=VPN_SSL_SPLIT,OU=Grps - ACS,OU=Res - Groups,OU=BU - Vesna.Resources,DC=DOM1,DC=US,DC=LOCAL" <Group Policy Name>

This will make the DN as a single entity and will not truncate when it read spaces.

In case you want to verify the same, run debug ldap 255 and look into it.

Regards,

Jatin Katyal

*Do rate helpful posts*

I have tried it with the

charlesriley — Mon, 28 Apr 2014 23:18:52 GMT

I have tried it with the quotes as suggested and it still does not work. I wonder if I have something else wrong, though I have checked and rechecked the DN strings and configuration repeatedly.

We can troubleshoot this

Jatin Katyal — Tue, 29 Apr 2014 03:02:53 GMT

We can troubleshoot this issue. Please provide me the following outputs:

show run aaa-server

show run ldap

Turn on "debug ldap 255" and reproduce the issue. Paste the output here.

Regards,

Jatin Katyal

*Do rate helpful posts*

I having the same problem. I

Herlander Stock — Fri, 06 Jun 2014 19:19:22 GMT

I having the same problem. I have a windows 2003 using RADIUS, but when using LDAP doesn't work. I got the error: Authentication Server not responding: AAA server has been removed

Please provide the same

Jatin Katyal — Fri, 06 Jun 2014 20:01:03 GMT

Please provide the same information:

show run aaa-server

show run ldap

Turn on "debug ldap 255" and reproduce the issue. Paste the output here.

Regards,

Jatin Katyal

**Do rate helpful posts**