Non ASCII symbols in AAA ldap-base-dn

Hi everyone!

I have a task to integrate an ASA 5516 with LDAP to implement the cut-through proxy feature with AD authentication.

I have successfully connected to the AAA server, but the problem is that there are non-ASCII (Cyrillic) symbols in the AD group names.

ldap-base-dn CN=nameOfEmployee,OU=XXX ,OU=XXX ,OU=XXX ,OU=USERS,DC=company,DC=ru

XXX are Cyrillic letters.

So if I put it this way, the ASA can't find an object because of wrong syntax (can't use Russian letters in CN), but if I put only

ldap-base-dn DC=company,DC=ru

it works perfectly but it finds all the users... But I have to grant access to the secure network only to one AD group. So my idea is to find in one AD group only.

Here is my config:

aaa-server AD protocol ldap
aaa-server AD (tunnel) host
 ldap-base-dn OU=USERS,DC=company,DC=ru
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ldap-login-password *****
 ldap-login-dn xxx@xxx
 server-type microsoft

I've asked the AD admins to add the users needed to another group with ASCII-only symbols, but anyway, the search results show that the account is only a member of that group, but the User DN still contains the whole bunch of Russian letters.

Is my method wrong, and are there other ways to get only one group of LDAP users?

Thanks for any help.