Hi All,
This problem has been mentioned a couple of times, but I couldn't find an answer.
My config:
aaa-server IAS_Internal_LDA protocol ldap
 reactivation-mode depletion deadtime 5
aaa-server IAS_Internal_LDA (inside) host 10.0.10.162
 ldap-base-dn DC=xxxxxxxxxxx,DC=loc
 ldap-group-base-dn CN=xxxxxxxxx,OU=xxxxxxx,DC=xxxxxxx,DC=loc
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ldap-login-password *****
 ldap-login-dn CN=Administrator,CN=Users,DC=xxxxxxxxx,DC=loc
 server-type microsoft
 ldap-attribute-map BBBB
ldap attribute-map BBBB
 map-name memberOf IETF-Radius-Class
 map-value memberOf CN=XXXX,OU=Support,DC=XXXXXX,DC=loc BBBB
The problem I have is that LDAP authenticates all users instead of authenticating only members of the XXXX group.
I am not sure if I missed anything. We already have an undefined default dynamic group policy and other RADIUS authentications, so I didn't want to play with that, and I am not sure if it is necessary to implement DAP in this case.
Thank you for your help,