ANNOUNCEMENT - The community will be down for maintenace this Thursday August 13 from 12:00 AM PT to 02:00 AM PT. As a precaution save your work.
Showing results for 
Search instead for 
Did you mean: 

Monitor only access to ASA - ASDM when user is authenticated by LDAP






This document explains how to configure LDAP on ASA so that user has "monitor only" access to ASDM.




Ensure that you meet below mentioned requirements before implementation.

  • Define ASA as a AAA client on LDAP server.
  • Define the IP address and an identical shared secret key on the LDAP and ASA.


Devices Used:


The information is based on below mentioned software and hardware versions:

  • LDAP server
  • ASA 8.4

All of the devices used in this document started with factory default configuration.


Configuration on ASA:


1.) AAA server configuration

AAA server config.png



2. LDAP attribute map configuration:


LDAP attr.png


3. AAA configuration on ASA


sh run aaa.png





ver 1.png

ver 2.png


Scenario 2:


User have configured the ASA CX and configured the Web filtering policies.

In the policies, he has created the user objects for each of his user with their IP address for the Source. But he need to integrate it with Active Directory which will be easy for him to add user in the object group by 

their domain username. what will be the steps for it.

And also that can be easily identified in the event tab with that username, as for now its just showing me the IP of the user doing illegal surfing.



You will need to setup/install CDA instead. CDA provides several benefits over the older AD Agent such as, GUI interface for management, runs on its own VM - doesn't need to be installed on a DC, and 

Windows 2012 support. Below is additional information regarding CDA for you to review:
Once you install CDA on your network Please follow the installation guide for Active Directory Integration. Once you done, you can see the user name on access policy.

CDA Installation Guide:

CDA Download:


This was indeed helpful



Hi Minakshi,

Thanks for the appreciating the effort.


Anim Saxena

Community Manager - Security