Hi everyone!
I have a task to integrate ASA 5516 with LDAP for implementing cut-through proxy feature with AD authentication.
I have successfully got connected with the AAA server, but the problem is that there are non-ASCII (Cyrillic) symbols in AD group names.
ldap-base-dn CN=nameOfEmployee,OU=XXX,OU=XXX,OU=XXX,OU=USERS,DC=company,DC=ru
XXX - are Cyrillic letters.
So if I put it this way, ASA can't find an object because of wrong syntax (can't use Russian letters in CN), but if I put only
ldap-base-dn DC=company,DC=ru
it works perfectly, but it finds all the users... But I have to grant access to the secure network only to one AD group. So my idea is to search in one AD group only.
Here is my config:
aaa-server AD protocol ldap
aaa-server AD (tunnel) host 1.1.1.1
ldap-base-dn OU=USERS,DC=company,DC=ru
ldap-scope subtree
ldap-naming-attribute sAMAccountName
ldap-login-password *****
ldap-login-dn xxx@xxx
server-type microsoft
I've asked AD admins to add the needed users to another group with ASCII-only symbols, but anyway, the search results show that the account is only a member of that group, while the User DN still contains the whole bunch of Russian letters.
Is my method wrong, and are there other ways to get only one group of LDAP users?
Thanks for any help.
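Added example, not part of the post above and not ASA configuration: a small Python illustration of the two directory-side mechanics the question touches, namely how RFC 4514 escapes non-ASCII DN values as backslash-hex UTF-8 byte pairs (so a DN can be carried in ASCII-only form) and how restricting access to one AD group is usually checked, by building an RFC 4515 filter on memberOf or by comparing the user entry's memberOf values against the target group DN. The directory entries, group names and Cyrillic OU are constructed sample data; whether a given ASA release accepts the hex-escaped DN form is an assumption this example does not make, it only shows what the standard form looks like.

```python
# Added example (not from the post): RFC 4514 DN escaping, RFC 4515 filter
# escaping and a memberOf-based group check. All directory data below is
# constructed sample data, not a real directory.
import re
from typing import Dict, List, Tuple

_DN_SPECIAL = set(',+"\\<>;')


def escape_dn_value(value: str) -> str:
    """Escape one RDN attribute value per RFC 4514.

    Special characters get a backslash; a leading '#', and leading or
    trailing spaces, are escaped; every non-printable or non-ASCII character
    is emitted as backslash-hex pairs of its UTF-8 bytes.
    """
    out = []
    for i, ch in enumerate(value):
        if ch in _DN_SPECIAL:
            out.append("\\" + ch)
        elif ch == "#" and i == 0:
            out.append("\\#")
        elif ch == " " and (i == 0 or i == len(value) - 1):
            out.append("\\ ")
        elif ord(ch) < 0x20 or ord(ch) > 0x7E:
            out.append("".join(f"\\{b:02X}" for b in ch.encode("utf-8")))
        else:
            out.append(ch)
    return "".join(out)


def build_dn(rdns: List[Tuple[str, str]]) -> str:
    """Build a DN string from (attribute, value) pairs, most specific first."""
    return ",".join(f"{attr}={escape_dn_value(val)}" for attr, val in rdns)


def escape_filter_value(value: str) -> str:
    """Escape an assertion value per RFC 4515 ('*', '(', ')', '\\', NUL and
    all non-ASCII bytes become \\XX of the UTF-8 byte)."""
    out = []
    for b in value.encode("utf-8"):
        if b in (0x2A, 0x28, 0x29, 0x5C, 0x00) or b < 0x20 or b > 0x7E:
            out.append(f"\\{b:02x}")
        else:
            out.append(chr(b))
    return "".join(out)


def group_member_filter(username: str, group_dn: str) -> str:
    """Search filter that matches the user only if it is a direct member of
    group_dn; a non-member yields no entry at all."""
    return (f"(&(sAMAccountName={escape_filter_value(username)})"
            f"(memberOf={escape_filter_value(group_dn)}))")


def normalize_dn(dn: str) -> str:
    """Case-fold and drop whitespace around unescaped commas so two spellings
    of the same DN compare equal (a simplification, not a full RFC 4517
    distinguishedNameMatch)."""
    parts = re.split(r"(?<!\\),", dn)
    return ",".join(p.strip() for p in parts).casefold()


def is_member_of(entry: Dict[str, List[str]], group_dn: str) -> bool:
    """True if the entry's memberOf attribute lists group_dn."""
    target = normalize_dn(group_dn)
    return any(normalize_dn(g) == target for g in entry.get("memberOf", []))


def users_allowed(entries: List[Dict[str, List[str]]], group_dn: str) -> List[str]:
    """sAMAccountNames of the entries that are members of group_dn."""
    return sorted(e["sAMAccountName"][0] for e in entries if is_member_of(e, group_dn))


# Constructed sample entries: user DNs contain a Cyrillic OU ("Отдел"),
# and only one user is in the ASCII-named access group.
SAMPLE_ENTRIES = [
    {"sAMAccountName": ["ivanov"],
     "distinguishedName": ["CN=Иванов,OU=Отдел,OU=USERS,DC=company,DC=ru"],
     "memberOf": ["CN=VPN-Allowed,OU=Groups,DC=company,DC=ru",
                  "CN=Все сотрудники,OU=Groups,DC=company,DC=ru"]},
    {"sAMAccountName": ["petrov"],
     "distinguishedName": ["CN=Петров,OU=Отдел,OU=USERS,DC=company,DC=ru"],
     "memberOf": ["CN=Все сотрудники,OU=Groups,DC=company,DC=ru"]},
]

if __name__ == "__main__":
    print(build_dn([("OU", "Отдел"), ("OU", "USERS"), ("DC", "company"), ("DC", "ru")]))
    print(group_member_filter("ivanov", "CN=VPN-Allowed,OU=Groups,DC=company,DC=ru"))
    print(users_allowed(SAMPLE_ENTRIES, "CN=VPN-Allowed,OU=Groups,DC=company,DC=ru"))
```

The design point is that the authorization decision rests on the group DN, which can be kept ASCII-only even when user DNs cannot: the filter or the memberOf comparison never needs the Cyrillic OU in the base DN, and a user outside the group simply produces no match.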