Hello:
I have an LDAP server configured and authentication working just fine. My next goal is to provide SSL VPN services to some employees. Their Tunnel Group membership should depend upon their LDAP 'group' membership.
For example, our LDAP administrator has configured user entries like this:
dn: uid=jdoe,ou=People,o=company.com
givenName: John
sn: Doe
mail: jdoe@company.com
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: inetOrgPerson
objectClass: inetorgpersonsub1
uid: jdoe
cn: John Doe
description: Employee
description: Information Systems
He seems to like to use 'description' instead of OU for some reason, but that's out of my control. I assume I need to perform some sort of LDAP Attribute mapping to make this happen.
In the above example, I would like to create a Tunnel Group called 'IS' on the ASA, and if a user has 'description: Information Systems' in their LDAP, they would be mapped to the 'IS' tunnel group.
Can someone shed some light?
Thanks!
Mark
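The configuration sketched below is an added example for the scenario in the post above; it is not part of the original post and not Cisco's own documentation. It uses the ASA's ldap attribute-map to turn the value "Information Systems" of the multi-valued 'description' attribute into the group policy IS, and then pins that group policy to the tunnel group IS with group-lock. The server name LDAP-SRV, the map name DESC-MAP, the bind DN, the host 192.0.2.10 and the fallback policy NOACCESS are assumptions; only the LDAP base DN, the uid naming attribute and the 'description' values come from the posted entry.

```cisco
! Added example, not from the original post. LDAP-SRV, DESC-MAP, NOACCESS,
! the bind DN and the host address are assumptions for illustration.

! 1. Map the LDAP 'description' attribute to the ASA Group-Policy attribute.
!    Only the value "Information Systems" is rewritten to the policy name IS;
!    any other value (e.g. "Employee") is passed through unchanged and will
!    not match a configured group policy.
ldap attribute-map DESC-MAP
 map-name description Group-Policy
 map-value description "Information Systems" IS

! 2. Attach the map to the LDAP server the ASA already authenticates against.
aaa-server LDAP-SRV protocol ldap
aaa-server LDAP-SRV (inside) host 192.0.2.10
 ldap-base-dn ou=People,o=company.com
 ldap-scope subtree
 ldap-naming-attribute uid
 ldap-login-dn cn=asa-bind,o=company.com
 ldap-login-password *****
 server-type auto-detect
 ldap-attribute-map DESC-MAP

! 3. Fallback policy for users whose 'description' did not map to anything:
!    zero simultaneous logins means authentication succeeds but the session
!    is refused, so unmapped employees cannot land in the IS tunnel group.
group-policy NOACCESS internal
group-policy NOACCESS attributes
 vpn-simultaneous-logins 0

! 4. The policy the map hands out, locked to the IS tunnel group.
group-policy IS internal
group-policy IS attributes
 vpn-tunnel-protocol ssl-client ssl-clientless
 group-lock value IS

! 5. The tunnel group itself, authenticating against LDAP-SRV and defaulting
!    to NOACCESS unless the attribute map overrides the group policy.
tunnel-group IS type remote-access
tunnel-group IS general-attributes
 authentication-server-group LDAP-SRV
 default-group-policy NOACCESS
tunnel-group IS webvpn-attributes
 group-alias IS enable
```

Two things to verify before relying on this. First, 'description' is multi-valued in the posted entry ("Employee" and "Information Systems"), so run `test aaa-server authentication LDAP-SRV username jdoe password <pw>` with `debug ldap 255` enabled and confirm the debug output shows the attribute being mapped to Group-Policy IS rather than the unmapped "Employee" value winning. Second, this design makes the LDAP 'description' attribute an authorization decision: anyone who can write that attribute on a user object can grant VPN access, so its write ACL on the directory deserves the same scrutiny as a VPN group. On ASA releases older than 8.2 the Cisco-side attribute is named IETF-Radius-Class instead of Group-Policy.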