Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3110
Views
0
Helpful
15
Replies

AD groups / LDAP for remote access user authorization

jgolson
Level 1
Level 1

‎02-02-2009 12:24 PM - edited ‎02-21-2020 03:15 AM

I'm trying to configure an ASA5540 to use LDAP for remote access user authorization. I am using certificates for authentication, and using the userPrincipalName field from the certificate for authorization purposes. I am trying to set up a LDAP attirbute map which will only allow a user to connect to VPN if he/she is a member of a specific group. I haven't been able to get this working. The problem I have run into is that even if a user isn't a member of the group I have defined in the LDAP attribute map, the user will be authorized because the user account exists in AD. Any help would be greatly appreciated.

0 Helpful
15 Replies 15

LBS-BZ-HI
Level 1
Level 1
In response to Ivan Martinon

‎12-04-2009 05:22 AM

i know thats an old post - but you can try to set the Simultaneous Logins of the DefaultGroup = 0. so nobody who becames the Default Group will be able to login.

HTH

konne

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card