08-06-2012 04:29 AM - edited 03-10-2019 07:23 PM
Hi everyone!
I have an ASA talking to an LDAP to perform the VPN logins. So far I have this configuration working fine:
ou=ciscovpn,o=example
So every user under ou CiscoVPN can log in. But now I have a problem: there are several users in different OUs who also need to log in, and I don't know how to auth just those I want to. Example:
cn=user1,ou=hr
cn=user2,ou=hr
cn=user3,ou=admin
cn=user4,ou=admin
Let's say we have that config, how can I grant access JUST to user1 and user4? Of course I cannot move users between OUs because the tree is already working fine for some other internal accesses.
Thanks in advance!!!
08-13-2012 10:17 AM
Hi,
Are you able to create a security group in AD, add users to the group, and authenticate to that security group?
See url for reference:
Hope this helps
08-14-2012 04:01 AM
Hi Pablo,
As Steven mentioned, you will need an extra security group where all users that should have access to the VPN are members.
Something like Group: VPN_access, which you will check with an LDAP attribute map.
If you need special filters or ACLs applied to the OUs like HR, you can define that with DAP.
Sent from Cisco Technical Support iPad App
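One way to implement the group check both replies describe, as an added example that is not part of the original thread. It assumes the directory exposes group membership in a `memberOf` attribute (as Active Directory does; other directories use a different attribute name). The group DN, bind account, server address, interface name and all object names are placeholders.

```cisco
! Added example, not from the thread. All names, DNs and addresses are placeholders.

! Default policy for the tunnel group: zero simultaneous logins means the
! session is refused even when the LDAP bind (the password check) succeeds.
group-policy NOACCESS internal
group-policy NOACCESS attributes
 vpn-simultaneous-logins 0

! Policy handed out only to members of the VPN_access group.
group-policy GP_VPN_ALLOW internal
group-policy GP_VPN_ALLOW attributes
 vpn-simultaneous-logins 3

! Map the group membership returned by LDAP to an ASA group-policy.
! A user whose memberOf values match no map-value keeps the default (NOACCESS).
! The quoted DN must match the value the directory returns exactly.
ldap attribute-map VPN_ACCESS_MAP
 map-name memberOf Group-Policy
 map-value memberOf "cn=VPN_access,ou=groups,o=example" GP_VPN_ALLOW

! Search the whole tree so users in ou=hr and ou=admin are found
! without moving them; access is decided by group membership, not by OU.
aaa-server LDAP_SRV protocol ldap
aaa-server LDAP_SRV (inside) host 192.0.2.10
 ldap-base-dn o=example
 ldap-scope subtree
 ldap-naming-attribute cn
 ldap-login-dn cn=asa-bind,o=example
 ldap-login-password <BIND_PASSWORD_PLACEHOLDER>
 ldap-attribute-map VPN_ACCESS_MAP

! Deny by default: anyone not mapped to GP_VPN_ALLOW lands in NOACCESS.
tunnel-group VPN_TG general-attributes
 authentication-server-group LDAP_SRV
 default-group-policy NOACCESS
```

With this layout, adding user1 and user4 to the group grants them VPN access while user2 and user3 still authenticate against LDAP but are refused a session. `debug ldap 255` on the ASA shows which attributes came back and which map-value matched.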