https://community.cisco.com/t5/network-security/asa-and-ldap-authorization/m-p/1085492#M418981 <HTML><HEAD></HEAD><BODY><P>The LDAP authorization attributes is not only for predefined group policy. You can push many attributes as per your requirement. As you want to push ACL on per user basis, that would be defined under "Cisco-AV-Pair". But again, in order to do that, you need to go through the document, and configure/add/edit your LDAP schema, so that it can have a security appliance authorization schema [object class (User-Authorization)], and all the listed attributes need to be added (all or some depending on your need) under this object class.</P><P></P><P>What can be done using the attributes is, I guess, self explanatory. Please refer to table,</P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/docs/security/asa/asa81/config/guide/extsvr.html#wp1629915" target="_blank">http://www.cisco.com/en/US/docs/security/asa/asa81/config/guide/extsvr.html#wp1629915</A></P><P></P><P>If you are looking for ldif file that needs to be created, you find an example file in this document. Go to the heading "Example Security Appliance Authorization Schema". You may want to get some help from an LDAP expert.</P><P></P><P>But to push authorization attributes from LDAP server to ASA, you needs to add the LDAP authorization attributes in your LDAP.</P><P></P><P>Regards,</P><P>Prem</P><P></P><P>Please rate if it helps!</P></BODY></HTML> Sun, 31 Aug 2008 16:45:06 GMT Premdeep Banga 2008-08-31T16:45:06Z https://community.cisco.com/t5/network-security/asa-and-ldap-authorization/m-p/1085489#M418971 <P>Hello all,</P><P>I'm looking for the way to download user profiles for ASA (both IPSec and SSL) from LDAP server.</P><P>Quite similar to what it's possible to do with RADIUS ip-acl and webvpn-acl attributes.</P><P>Authentication works, I just need to limit access per user.</P><P></P> Sat, 22 Feb 2020 07:18:36 GMT https://community.cisco.com/t5/network-security/asa-and-ldap-authorization/m-p/1085489#M418971 v.kirillov 2020-02-22T07:18:36Z https://community.cisco.com/t5/network-security/asa-and-ldap-authorization/m-p/1085490#M418976 <HTML><HEAD></HEAD><BODY><P>You would be required to define a security appliance authorization schema, and then use the attributes that you want,</P><P></P><P>Configuring an External LDAP Server:</P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/docs/security/asa/asa81/config/guide/extsvr.html#wp1577162" target="_blank">http://www.cisco.com/en/US/docs/security/asa/asa81/config/guide/extsvr.html#wp1577162</A></P><P></P><P>Regards,</P><P>Prem</P><P></P><P>Please rate if it helps!</P></BODY></HTML> Sun, 31 Aug 2008 05:38:05 GMT https://community.cisco.com/t5/network-security/asa-and-ldap-authorization/m-p/1085490#M418976 Premdeep Banga 2008-08-31T05:38:05Z https://community.cisco.com/t5/network-security/asa-and-ldap-authorization/m-p/1085491#M418978 <HTML><HEAD></HEAD><BODY><P>Hello,</P><P></P><P>Thanks for the reply.</P><P>I understand it. However, what I found as examples only maps predefined group-policy, accepts or denies the access etc. So, not really the ACL as I need to apply per-user.</P><P>Do you have more examples?</P></BODY></HTML> Sun, 31 Aug 2008 09:01:54 GMT https://community.cisco.com/t5/network-security/asa-and-ldap-authorization/m-p/1085491#M418978 v.kirillov 2008-08-31T09:01:54Z https://community.cisco.com/t5/network-security/asa-and-ldap-authorization/m-p/1085492#M418981 <HTML><HEAD></HEAD><BODY><P>The LDAP authorization attributes is not only for predefined group policy. You can push many attributes as per your requirement. As you want to push ACL on per user basis, that would be defined under "Cisco-AV-Pair". But again, in order to do that, you need to go through the document, and configure/add/edit your LDAP schema, so that it can have a security appliance authorization schema [object class (User-Authorization)], and all the listed attributes need to be added (all or some depending on your need) under this object class.</P><P></P><P>What can be done using the attributes is, I guess, self explanatory. Please refer to table,</P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/docs/security/asa/asa81/config/guide/extsvr.html#wp1629915" target="_blank">http://www.cisco.com/en/US/docs/security/asa/asa81/config/guide/extsvr.html#wp1629915</A></P><P></P><P>If you are looking for ldif file that needs to be created, you find an example file in this document. Go to the heading "Example Security Appliance Authorization Schema". You may want to get some help from an LDAP expert.</P><P></P><P>But to push authorization attributes from LDAP server to ASA, you needs to add the LDAP authorization attributes in your LDAP.</P><P></P><P>Regards,</P><P>Prem</P><P></P><P>Please rate if it helps!</P></BODY></HTML> Sun, 31 Aug 2008 16:45:06 GMT https://community.cisco.com/t5/network-security/asa-and-ldap-authorization/m-p/1085492#M418981 Premdeep Banga 2008-08-31T16:45:06Z