Vinay Sharma
Level 7

Introduction: Sample configuration when the LDAP server is AD

aaa-server ldap (inside) host <ip-address>
 server-port 389
 ldap-base-dn <base-dn>
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ldap-login-password *
 ldap-login-dn <admin-dn>
 server-type microsoft
 ldap-attribute-map ssh

ldap attribute-map ssh
 map-name memberOf IETF-Radius-Service-Type
 map-value memberOf "CN=Domain Admins,CN=Users,DC=aaateam,DC=com" 6

aaa authentication ssh console ldap LOCAL
aaa authorization exec authentication-server


Please note that <> denotes a placeholder to be replaced with your own value.


In the above configuration any user belonging to the “Domain Admins” group on the LDAP server will have access to the console. Others will not be allowed to SSH.


The value 6 denotes admin. No value means remote access only.
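
A pre-deployment check for a configuration like the one above, as an added example that is not part of the original document or any Cisco tool. The function name `audit`, the address 192.0.2.10 and the bind account `asa-bind` are constructed for illustration; `ldap-over-ssl enable` is an ASA command that does not appear in the sample above.

```python
import re

# Constructed sample: the document's configuration with placeholder values filled in.
SAMPLE_CONFIG = """\
aaa-server ldap (inside) host 192.0.2.10
 server-port 389
 ldap-base-dn DC=aaateam,DC=com
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ldap-login-password *
 ldap-login-dn CN=asa-bind,CN=Users,DC=aaateam,DC=com
 server-type microsoft
 ldap-attribute-map ssh
ldap attribute-map ssh
 map-name memberOf IETF-Radius-Service-Type
 map-value memberOf "CN=Domain Admins,CN=Users,DC=aaateam,DC=com" 6
aaa authentication ssh console ldap LOCAL
aaa authorization exec authentication-server
"""

def audit(config):
    """Return findings for an LDAP-backed SSH admin setup (single LDAP server assumed)."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    findings = []
    # The map referenced under the aaa-server host must also be defined globally.
    referenced = {l.split()[1] for l in lines if l.startswith("ldap-attribute-map ")}
    defined = {l.split()[2] for l in lines if l.startswith("ldap attribute-map ")}
    for name in sorted(referenced - defined):
        findings.append(f"attribute map '{name}' is referenced but never defined")
    if not any(re.match(r"map-name\s+memberOf\s+IETF-Radius-Service-Type$", l) for l in lines):
        findings.append("memberOf is not mapped to IETF-Radius-Service-Type")
    if not any(re.match(r'map-value\s+memberOf\s+(".+"|\S+)\s+6$', l) for l in lines):
        findings.append("no group DN is mapped to Service-Type 6 (admin)")
    # The mapped Service-Type is only acted on when management authorization is enabled.
    if "aaa authorization exec authentication-server" not in lines:
        findings.append("management authorization is off, so the mapped Service-Type is not enforced")
    # Port 389 without ldap-over-ssl leaves the directory traffic without TLS protection.
    if "server-port 389" in lines and "ldap-over-ssl enable" not in lines:
        findings.append("LDAP on port 389 without ldap-over-ssl: directory traffic is not TLS-protected")
    return findings
```

Run against the sample as written, `audit` reports only the missing TLS protection; adding `ldap-over-ssl enable` with `server-port 636` under the host entry clears it.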

Comments
Amjad Abdullah
VIP Alumni

Thanks for the doc,

I think it would be better if it is mentioned to which ACS versions the above is applied.

Thanks again.

Amjad
