I beleive this is more of a client issue than VPN server.Specify the group-url in the tunnel-group command as shown belowtunnel-group your-tunnel webvpn-attributes group-url https://outside-interface-ip/extension enableUse the specified url while co...
Well , I have implemented a similar solution with 2FA , The ASA will look for some string from the AD and apply an ACL created in the VPN filter list.Haven't implemented this using LDAP but I know it is doable