Here is the solution....
#First create the AAA server group and select protocol LDAP; the name can be what you like
aaa-server LDAP-XXX-AD protocol ldap
#Second associate ldap maps to server
ldap attribute-map LDAP_memberOf_ServiceType
#Third Associate values to the ldap map - this is what determines what members will have access by linking to an AD group. memberOf is case specific and translates to what type of LDAP query is being made.
map-name memberOf IETF-Radius-Service-Type
map-value memberOf memberOf CN=Group which should have access,OU=Network,OU=Security,OU=DOMAIN
#Fifth Create AAA server
aaa-server LDAP-XXX-AD (outside) host 'IP ADDRESS'
ldap-base-dn 'OU Where the users will reside' DC=XXX,DC=XXX,DC=NET
ldap-scope subtree
ldap-naming-attribute sAMAccountName
ldap-login-password #Password for account which allows access to AD
ldap-login-dn #Username for account which allows access to AD
server-type microsoft
ldap-attribute-map LDAP_memberOf_ServiceType #LDAP Attribute name
#Seven enable AAA for SSH AND enable
aaa authentication ssh console LDAP-XXX-AD LOCAL
aaa authentication enable console LDAP-XXX-AD LOCAL
I hope this helps.
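An added example, not part of the original post: a small Python check that the names in a configuration like the one above agree with each other (server group declared, host entry under the same group, attribute map defined, LOCAL fallback present). The sample configuration, its group and map names and the 192.0.2.10 address are constructed for illustration.

```python
import re

# Constructed sample config (not from the post): the host entry and the
# attribute-map reference use names that differ from the declared ones.
SAMPLE = """\
aaa-server LDAP-EXAMPLE-AD protocol ldap
ldap attribute-map LDAP_memberOf_ServiceType
 map-name memberOf IETF-Radius-Service-Type
aaa-server LDAP-TYPO-AD (outside) host 192.0.2.10
 ldap-attribute-map LDAP_memberOf_ServiceTyp
aaa authentication ssh console LDAP-EXAMPLE-AD LOCAL
aaa authentication enable console LDAP-EXAMPLE-AD
"""

def lint_asa_ldap(config):
    """Return a list of consistency findings for an ASA LDAP AAA config."""
    declared, hosted, maps_defined, maps_used = set(), set(), set(), set()
    auth_lines, findings = [], []
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"aaa-server (\S+) protocol ldap$", line):
            declared.add(m.group(1))
        elif m := re.match(r"aaa-server (\S+) \(\S+\) host \S+", line):
            hosted.add(m.group(1))
        elif m := re.match(r"ldap attribute-map (\S+)$", line):
            maps_defined.add(m.group(1))
        elif m := re.match(r"ldap-attribute-map (\S+)$", line):
            maps_used.add(m.group(1))
        elif m := re.match(r"aaa authentication (\S+) console (.+)$", line):
            auth_lines.append((m.group(1), m.group(2).split()))
    for g in sorted(hosted - declared):
        findings.append(f"host defined for undeclared group {g}")
    for g in sorted(declared - hosted):
        findings.append(f"group {g} has no host entry")
    for name in sorted(maps_used - maps_defined):
        findings.append(f"attribute map {name} is referenced but not defined")
    for service, groups in auth_lines:
        for g in groups:
            if g != "LOCAL" and g not in declared:
                findings.append(f"{service} console uses undeclared group {g}")
        if "LOCAL" not in groups:
            # Without LOCAL, an unreachable LDAP server locks out management.
            findings.append(f"{service} console has no LOCAL fallback")
    return findings

if __name__ == "__main__":
    for finding in lint_asa_ldap(SAMPLE):
        print(finding)
```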