Radius LDAP mapping for SGT

Michal Garcarz
Cisco Employee

Hello Team,

It needs to be a simple mistake; I had it working, now it's not working.

I authorize a user in LDAP, which hits an authz rule having the following authorization profile:

 

Screen Shot 2018-09-19 at 23.36.53.png

Customer1_RODC is an LDAP connection with the physicalDeliveryOffice attribute:

Screen Shot 2018-09-19 at 23.38.37.png

Now when I authorize the user, I can see the following in the auth logs:

Screen Shot 2018-09-19 at 23.36.32.png

Now, why is the value of physicalDeliveryOfficeName, which is equal to 18, not mapped? And why is -01 instead added to a string representation?

 

It was working fine, but probably I lost connectivity to LDAP, but I have re-added it along with the attribute.

Could you please confirm?

 

Thanks,

Michal

 

Accepted Solutions

hslai
Cisco Employee

IIRC we need the entire RHS of cisco-av-pair as the value of the AD/LDAP attribute; e.g. Cisco:cisco-av-pair = AD1:description.
