I set up an LDAP store pointing to a Windows domain and am testing authenticating users via an ASA. In my LDAP config, it's set for "Groups Objects refer to subjects" and I selected usernames in the drop-down. I also added a Global Group to the Directory groups tab in the LDAP store that I created.
Under my Access Policies, I created a rule that meets two conditions - coming from the ASA, and then I was able to select the group from the drop-down box for my LDAP domain. As a condition, it shows up as DomainName:External Groups. I set the permission to Permit Access.
Originally, I was failing authentication and I was receiving Subject Not Found in Store. I adjusted the Identity Sequence and now I receive the following error:
15039: Selected Authorization Profile is Deny Access. So it must not be associating my account with the group with the Permit Access and using the Default Permissions.
So it does match the correct Access Service, and Identity Store.