https://community.cisco.com/t5/network-security/asa-ldap-authorization/m-p/706780#M422817 <HTML><HEAD></HEAD><BODY><P>I just created an LDAP server entry, put in my Base DN, used 'uid' as my Naming Attribute, and applied the LDAP attribute Map.</P><P></P><P>The LDAP attribute map contains:</P><P></P><P>Map Name: 'uid' as Customer Name, and 'cVPN-3000-IETF-Radius-Class' as the Cisco Name. </P><P></P><P>Map Value: 'johndoe' as Customer Value, and a group policy for the Cisco Value.</P><P></P><P>Hope that helps.</P><P></P><P>Mark </P></BODY></HTML> Wed, 07 Mar 2007 20:24:57 GMT markbialik 2007-03-07T20:24:57Z https://community.cisco.com/t5/network-security/asa-ldap-authorization/m-p/706778#M422815 <P>Hello:</P><P></P><P>I have a LDAP server configured and authentication working just fine. My next goal is to provide SSL VPN services to some employees. Their Tunnel Group membership should depend upon their LDAP 'group' membership.</P><P></P><P>For example, our LDAP administrator has configured user entries like this:</P><P></P><P>dn: uid=jdoe,ou=People,o=company.com</P><P>givenName: John</P><P>sn: Doe</P><P>mail: <A href="mailto:jdoe@company.com" target="_blank">jdoe@company.com</A></P><P>objectClass: top</P><P>objectClass: person</P><P>objectClass: organizationalPerson</P><P>objectClass: inetOrgPerson</P><P>objectClass: inetorgpersonsub1</P><P>uid: jdoe</P><P>cn: John Doe</P><P>description: Employee</P><P>description: Information Systems</P><P></P><P></P><P>He seems to like to use 'description' instead of OU for some reason, but that's out of my control. I assume I need to perform some sort of LDAP Attribute mapping to make this happen.</P><P></P><P>In the above example, I would like to create a Tunnel Group called 'IS' on the ASA, and if a user has 'description: Information Systems' in the ir LDAP, they would be mapped to the 'IS' tunnel group.</P><P></P><P>Can someone shed some light?</P><P></P><P>Thanks!</P><P></P><P>Mark</P> Fri, 21 Feb 2020 09:17:03 GMT https://community.cisco.com/t5/network-security/asa-ldap-authorization/m-p/706778#M422815 markbialik 2020-02-21T09:17:03Z https://community.cisco.com/t5/network-security/asa-ldap-authorization/m-p/706779#M422816 <HTML><HEAD></HEAD><BODY><P>Authorization works if the object class cVPN-3000-User-Authorization is added to the schema.</P><P></P><P>How did you get Authentication working?</P></BODY></HTML> Mon, 05 Feb 2007 18:31:03 GMT https://community.cisco.com/t5/network-security/asa-ldap-authorization/m-p/706779#M422816 bmeyercan 2007-02-05T18:31:03Z https://community.cisco.com/t5/network-security/asa-ldap-authorization/m-p/706780#M422817 <HTML><HEAD></HEAD><BODY><P>I just created an LDAP server entry, put in my Base DN, used 'uid' as my Naming Attribute, and applied the LDAP attribute Map.</P><P></P><P>The LDAP attribute map contains:</P><P></P><P>Map Name: 'uid' as Customer Name, and 'cVPN-3000-IETF-Radius-Class' as the Cisco Name. </P><P></P><P>Map Value: 'johndoe' as Customer Value, and a group policy for the Cisco Value.</P><P></P><P>Hope that helps.</P><P></P><P>Mark </P></BODY></HTML> Wed, 07 Mar 2007 20:24:57 GMT https://community.cisco.com/t5/network-security/asa-ldap-authorization/m-p/706780#M422817 markbialik 2007-03-07T20:24:57Z