Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1328
Views
0
Helpful
0
Replies

Non ASCII symbols in AAA ldap-base-dn

KonstantinRav60956
Level 1
Level 1

‎04-15-2021 06:45 AM

Hi everyone!

I have a task to integrate ASA 5516 with LDAP for implementing cut-through proxy feature with AD authentication.

I have successfully got connected with the AAA server but the problem is - there are non-ASCII (Cyrillic) symbols in AD groups names.

ldap-base-dn CN=nameOfEmployee,OU=XXX ,OU=XXX ,OU=XXX ,OU=USERS,DC=company,DC=ru

XXX - are Cyrillic letters.


So if I put it this way - ASA can`t find an object because of wrong syntax (can`t use Russian letters in CN), but if I put only

ldap-base-dn DC=company,DC=ru

it works perfectly but it finds all the users... But I have to grant access to the secure network only to one AD group. So my idea is to find in one AD group only.


There is my config

aaa-server AD protocol ldap
aaa-server AD (tunnel) host 1.1.1.1
 ldap-base-dn OU=USERS,DC=company,DC=ru
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ldap-login-password *****
 ldap-login-dn xxx@xxx
 server-type microsoft

I`ve asked AD admins to add the users needed to another group with ASCII-only symbols but anyway, the search results shows that the account is only a member of that group but User DN still contains the whole bunch of Russian letters.


Is my method wrong and there are other ways to get only one group of LDAP users?

Thanks for any help.

 

Labels:
0 Helpful
0 Replies 0
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents