Hello,
I have got a problem mapping a certificate to a tunnel-group, using the default "tunnel-group-map enable ou" command.
I have several tunnel-groups and certificates that work just fine which have a DN of CN="user";"OU="Department";dc="company".
The certificate that won't work, has several OU-Fields --> DN --> CN="user";OU="Clients";OU="abc";OU="xyz";dc="company", and I want to map on the OU="Clients, so I named my tunnel-group Clients.
The problem is see in ASA Logs is, that it tries to find a tunnel-group mapping for the OU="xyz" and not for the OU="Clients".
Is the ASA capable to handle certificates with more than one OU-Field? How could I get this to work or is there a missconfiguration in the certificate template?
Thanks for any advice.
Best regards,
Thomas