I'm trying to configure an ASA5540 to use LDAP for remote access user authorization. I am using certificates for authentication, and using the userPrincipalName field from the certificate for authorization purposes. I am trying to set up an LDAP att...
I am using the memberOf attribute and tying it to the Tunneling-Protocols Cisco Name. Up until now, it seems like the ASA would accept the user even if they weren't a member of the AD group I am pointing it to. In my testing today though, if you ar...
Correct. I'm not really sure how to tell the ASA what it should be looking for. It seems like the LDAP attribute map options for IETF-Radius-Class are only for matching AD groups to VPN groups. I've been using Tunneling-Protocols, which does ensur...
I'm actually not trying to use the LDAP map to put users into a group policy; I am using group URLs and the users know which URL to use. All I want the LDAP map to do is verify that the user is a member of the group they are trying to VPN with, and ...