05-27-2008 10:02 PM
Hi,
Is there any possibility of configuring both LDAP and RSA (SID) for authentication (basically, it should first authorize from LDAP and second from the RSA ID)?
06-02-2008 12:23 PM
You can configure the security appliance to receive user attributes from either the LOCAL/internal database, a RADIUS/LDAP authentication server, or a RADIUS/LDAP authorization server. You can also place users into group-policies with different attributes, but the user attributes will always take precedence. After the device authenticates the user and group(s), the security appliance combines the user and group attribute sets into one aggregate attribute set. The security appliance uses the attributes in the following order and applies the aggregate attribute set to the authenticated user.
1. User attributes: The server returns these after successful user authentication or authorization. These take precedence over all others.
2. Group policy attributes: These attributes come from the group policy associated with the user. You identify the user group policy name in the local database by the 'vpn-group-policy' attribute or from an external RADIUS/LDAP server by the value of the RADIUS CLASS attribute (25) in the format 'OU=GroupName;'. The group policy provides any attributes that are missing from the user attributes. User attributes override group policy attributes if both have a value.
3. Tunnel group default-group-policy attributes: These attributes come from the default-group-policy (Base group) that is associated with the tunnel group. After a lookup of that group policy, the tunnel group's default-group-policy provides any attributes that are missing from the user or group policy attributes. User attributes override group policy attributes if both have a value.
4. System default attributes: System default attributes provide any attributes that are missing from the user, group, or tunnel group attributes.
http://www.cisco.com/en/US/docs/security/vpn3000/vpn3000_47/configuration/guide/ldapapp.html
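The precedence order described in the answer above, modelled as an added example that is not part of the original post and is not Cisco code: it resolves the group policy from a Class (25) value in the 'OU=GroupName;' format and reports which layer supplied each effective attribute, which is useful when auditing why a user ended up with a given setting. The attribute names, policy names and values are constructed for illustration, and treating a malformed Class value as "no group policy" is an assumption of this model.

```python
import re

# Constructed sample data: attribute and policy names are illustrative,
# not appliance syntax. None means "not set at this layer".
SYSTEM_DEFAULTS = {"idle-timeout": 30, "simultaneous-logins": 3, "banner": None}
GROUP_POLICIES = {
    "Engineering": {"idle-timeout": 60, "banner": "Engineering VPN"},
    "BaseGroup": {"simultaneous-logins": 1, "dns-server": "192.0.2.53"},
}

# RADIUS Class (25) value in the format quoted in the post: OU=GroupName;
CLASS_RE = re.compile(r"^OU=([^;]+);$")


def group_from_class(class_value):
    """Return the group policy name from 'OU=GroupName;', or None if malformed."""
    match = CLASS_RE.match(class_value or "")
    return match.group(1) if match else None


def aggregate(user_attrs, class_value, tunnel_default_policy):
    """Merge the four layers; return (effective attributes, source per attribute)."""
    group_name = group_from_class(class_value)
    # Highest precedence first, in the order listed in the post.
    layers = [
        ("user", user_attrs),
        ("group-policy", GROUP_POLICIES.get(group_name, {})),
        ("tunnel-group-default", GROUP_POLICIES.get(tunnel_default_policy, {})),
        ("system-default", SYSTEM_DEFAULTS),
    ]
    effective, source = {}, {}
    for layer_name, attrs in layers:
        for key, value in attrs.items():
            # A lower layer only fills in attributes that are still missing.
            if key not in effective and value is not None:
                effective[key] = value
                source[key] = layer_name
    return effective, source


if __name__ == "__main__":
    attrs, origin = aggregate({"idle-timeout": 15}, "OU=Engineering;", "BaseGroup")
    for key in sorted(attrs):
        print(f"{key:22} {attrs[key]!s:18} from {origin[key]}")
```
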