Solved: Radius LDAP mapping for SGT

Michal Garcarz · ‎09-19-2018

Hello Team,

It needs to be simple mistake, i had it working, now it's not working.

I authorize user in LDAP which hits authz rule having the following authorization profile:

Screen Shot 2018-09-19 at 23.36.53.png

Customer1_RODC is LDAP connection with physicalDeliveryOffice attribute:

Screen Shot 2018-09-19 at 23.38.37.png

Now when i do authorize user, i can see the following in auth logs:

Screen Shot 2018-09-19 at 23.36.32.png

Now - why value of physicalDeliveryOfficeName which is equal to 18 is not mapped ? And instead -01 is added to a string representation ?

It was working fine, but probably i have lost connectivity to LDAP, but i have readed it along with attribute.

Could you please confirm ?

Thanks,

Michal

hslai · ‎10-21-2018

IIRC we need the entire RHS of cisco-av-pair as the value of the AD/LDAP attribute; e.g. Cisco:cisco-av-pair = AD1:description.

hslai · ‎10-21-2018

IIRC we need the entire RHS of cisco-av-pair as the value of the AD/LDAP attribute; e.g. Cisco:cisco-av-pair = AD1:description.