Cisco Community
English
Register
Make a difference. Your participation will help fund Save the Children. LEARN MORE
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

This community is for technical, feature, configuration and deployment questions.
For production deployment issues, please contact the TAC! We will not comment or assist with your TAC case in these forums.
Please see How to Ask the Community for Help for other best practices.

571
Views
0
Helpful
1
Replies
Michal Garcarz
Cisco Employee
Cisco Employee
‎09-19-2018 02:42 PM
‎09-19-2018 02:42 PM

Radius LDAP mapping for SGT

Hello Team,

It needs to be simple mistake, i had it working, now it's not working.

I authorize user in LDAP which hits authz rule having the following authorization profile:

 

Screen Shot 2018-09-19 at 23.36.53.png

Customer1_RODC is LDAP connection with physicalDeliveryOffice attribute:

Screen Shot 2018-09-19 at 23.38.37.png

Now when i do authorize user, i can see the following in auth logs:

Screen Shot 2018-09-19 at 23.36.32.png

Now - why value of physicalDeliveryOfficeName which is equal to 18 is not mapped ? And instead -01 is added to a string representation ?

 

It was working fine, but probably i have lost connectivity to LDAP, but i have readed it along with attribute.

Could you please confirm ?

 

Thanks,

Michal

 

1 person had this problem
0 Helpful
1 ACCEPTED SOLUTION

Accepted Solutions
hslai
Cisco Employee
Cisco Employee
‎10-21-2018 10:52 AM
‎10-21-2018 10:52 AM

IIRC we need the entire RHS of cisco-av-pair as the value of the AD/LDAP attribute; e.g. Cisco:cisco-av-pair = AD1:description.

View solution in original post

0 Helpful
1 REPLY 1
hslai
Cisco Employee
Cisco Employee
‎10-21-2018 10:52 AM
‎10-21-2018 10:52 AM

IIRC we need the entire RHS of cisco-av-pair as the value of the AD/LDAP attribute; e.g. Cisco:cisco-av-pair = AD1:description.

View solution in original post

0 Helpful
Latest Contents
What’s New in Cisco Secure Endpoint—November 2021
Created by kasachs on 11-29-2021 03:46 PM
1
0
1
0
We’re excited to announce new capabilities with Secure Endpoint that allow you to simplify your security and maximize your security operations: Unify your security stack and reduce agent fatigue with Cisco Secure Client; harness integrated risk-based vuln... view more
(Podcast) S8|E47 Turbocharge with Cisco Secure Endpoint
Created by Amilee San Juan on 11-22-2021 06:37 PM
1
5
1
5
Listen: https://smarturl.it/CCRS8E47 Follow us: twitter.com/CiscoChampion Ransomware, fileless malware, and zero-day attacks continue to target organizations around the world. In response, organizations have resorted to deploying a variety of di... view more
General information on Cisco TC-NAC with ISE
Created by Jason Kunst on 11-18-2021 11:00 AM
0
5
0
5
This is a general information page for Cisco Threat Centric (TC-NAC) with ISE   Threat Centric Network Access Control (TC-NAC) feature enables you to create authorization policies based on the threat and vulnerability attributes received from the th... view more
The 2021 IT Blog Awards is now accepting submissions!
Created by caiharve on 11-16-2021 02:52 PM
0
0
0
0
The 2021 IT Blog Awards, hosted by Cisco, is now open for submissions. Submit your blog, vlog or podcast today. For more information, including category details, the process, past winners and FAQs, check out: https://www.cisco.com/c/en/us/t... view more
Secure Endpoint/Amp for Endpoints-Decommissioning Legacy Clo...
Created by Brett Murrell on 11-02-2021 03:01 AM
0
5
0
5
Problem Description  Cisco Secure Endpoint (formerly AMP for Endpoints) will decommission legacy cloud servers, which results in Legacy Windows Connector Versions 3.x/4.x and Mac Connector Version 1.0.x ceasing to ... view more
Ask a Question
Create
+ Discussion
+ Blog
+ Document
+ Video
+ Project Story
Find more resources
Discussions
Blogs
Documents
Events
Videos
Project Gallery
New Community Member Guide
Related support document topics
Recognize Your Peers
Spotlight Award Nomination
Polls
Which of these topics should we host an event in the Community?

Top Choice: pxGrid (39%)

Vote
Hide Results
Content for Community-Ad

ISE Webinars

Did you miss a previous ISE webinar?

CiscoISE YouTube Channel