Hi,
Please see this configuration example.
ldap attribute-map memberOf
map-name memberOf IETF-Radius-Class
map-value memberOf CN=VPN,CN=Users,DC=cisco,DC=com CAC-Users
aaa-server LDAP protocol ldap
aaa-server LDAP (outside) host 192.168.250.27
ldap-base-dn DC=cisco,DC=com
ldap-scope subtree
ldap-naming-attribute sAMAccountName
ldap-login-password *
ldap-login-dn CN=asaldap,CN=Users,DC=cisco,DC=com
server-type microsoft
ldap-attribute-map memberOf
tunnel-group vpnclient type remote-access
tunnel-group vpnclient general-attributes
address-pool VPN
authorization-server-group LDAP
authorization-required
username-from-certificate CN
tunnel-group vpnclient ipsec-attributes
trust-point LDAP
isakmp ikev1-user-authentication none
group-policy CAC-Users internal
group-policy CAC-Users attributes
dns-server value 192.168.250.27
split-tunnel-policy tunnelspecified
split-tunnel-network-list value split
If you have any question let me know.