cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Welcome to Cisco Firewalls Community


126
Views
0
Helpful
1
Replies

Read-only ASDM access for LDAP remote-authenticated user based on AD User Group

Hi forum members,

ASA 5580 is provisioned for remote authentication towards Active Directory. The administrator must be a member of AD User Group XXX.

New requirement is for a consultant to have read-only access via ASDM and is a member of AD User Group YYY. Would the following work?

 

ldap attribute-map LDAP_MemberOf_ServiceType_Privilege
 map-name  memberOf IETF-Radius-Service-Type
 map-value memberOf "CN=XXX,OU=Groups,OU=Service Management,DC=ad,DC=au" 6
 map-value memberOf "CN=YYY,OU=Groups,OU=Service Management,DC=ad,DC=au" 6 map-name memberOf Privilege-Level map-value memberOf "CN=YYY,OU=Groups,OU=Service Management,DC=ad,DC=au" 5 aaa-server AAA_for_ADMIN protocol ldap aaa-server AAA_for_ADMIN (inside) host ad_server ldap-base-dn dc=ad,dc=au ldap-scope subtree ldap-naming-attribute sAMAccountName ldap-login-password ****** ldap-login-dn CN=bind,DC=ad,DC=au server-type microsoft ldap-attribute-map LDAP_MemberOf_ServiceType_Privilege aaa authentication http console AAA_for_ADMIN LOCAL aaa authentication ssh console AAA_for_ADMIN LOCAL aaa authorization exec authentication-server

privilege cmd  level 5 mode exec command dir
privilege cmd  level 5 mode exec command export
privilege cmd  level 5 mode exec command more
privilege show level 5 mode configure command asdm
privilege show level 5 mode configure command privilege
privilege show level 5 mode exec command import
privilege show level 5 mode exec command running-config

Most importantly, it must be that privilege remains 15 for members of AD User Group XXX.

Comments/advice?

R's, Alex

Everyone's tags (1)
1 REPLY 1
Highlighted
VIP Advisor

Re: Read-only ASDM access for LDAP remote-authenticated user based on AD User Group

+1

 

I am more interested to see this solution for this post, since it never worked for me, i have tried all options, and could not get success to give one of the user only read only access.

 

we have Cluster of 5585X with stable OS in it 9.6.X

As per my research not possible, but welcome any solution found.

 

 

BB
*** Rate All Helpful Responses ***
CreatePlease to create content
Content for Community-Ad
FusionCharts will render here