
Add an LDAP memberOf attribute to a DAP policy using the CLI

BenHarvey39850
Level 1

Hello,

I'm building an API that automates interactions with a cluster of Cisco ASAs. Part of this process is creating new DAP policies that associate an LDAP group with a network ACL. This appears to be trivial to do using the ASDM GUI (see Step 2 of this blog post for an example), but I haven't been able to figure out how to do the same operation via the CLI, which is required for automation. Currently we are considering manually editing the dap.xml file to achieve this, but I feel like I'm missing something and there is a simpler approach. Thanks for your help!

- Ben

1 Reply

Dinesh Moudgil
Cisco Employee

Note: The dap.xml file, which contains the DAP policies selection attributes, is stored in the ASA's flash. Although you can export the dap.xml file off-box, edit it (if you know about XML syntax), and re-import it back, be very careful, because you can cause ASDM to stop processing DAP records if you have misconfigured something. There is no CLI to manipulate this part of the configuration.

https://www.cisco.com/c/en/us/support/docs/security/asa-5500-x-series-next-generation-firewalls/108000-dap-deploy-guide.html

Thank you,

Dinesh Moudgil

Cisco Network Security Channel - https://www.youtube.com/c/CiscoNetSec/
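
An added example, not part of the original thread and not Cisco tooling: one way to sanity-check a hand-edited or script-edited dap.xml against the exported original before re-importing it, given the warning in the reply about misconfiguration. The sample XML is constructed, and its element names and the function names are assumptions, not taken from a real ASA export.

```python
import xml.etree.ElementTree as ET

def element_paths(root):
    """Return the set of tag paths (e.g. 'a/b/c') found under root."""
    paths = set()
    def walk(node, prefix):
        path = f"{prefix}/{node.tag}" if prefix else node.tag
        paths.add(path)
        for child in node:
            walk(child, path)
    walk(root, "")
    return paths

def check_edited_dap(original_xml, edited_xml):
    """Return a list of problems in edited_xml; an empty list means it is
    well-formed and uses only element structure present in the export."""
    original = ET.fromstring(original_xml)  # the untouched export is the baseline
    try:
        edited = ET.fromstring(edited_xml)
    except ET.ParseError as exc:
        return [f"not well-formed: {exc}"]
    problems = []
    if edited.tag != original.tag:
        problems.append(f"root element changed: {original.tag} -> {edited.tag}")
    for path in sorted(element_paths(edited) - element_paths(original)):
        problems.append(f"element path not in original export: {path}")
    return problems

# Constructed sample data: element names are assumptions for illustration,
# not copied from a real dap.xml.
RECORD = ("<dapRecord><dapName><value>{name}</value></dapName><dapSelection>"
          "<attr><name>aaa.ldap.memberOf</name><value>{group}</value></attr>"
          "</dapSelection></dapRecord>")
STAFF = RECORD.format(name="Staff", group="VPN-Staff")
NEW = RECORD.format(name="Contractors", group="VPN-Contractors")
ORIGINAL = f"<dapRecordList>{STAFF}</dapRecordList>"
EDITED_OK = f"<dapRecordList>{STAFF}{NEW}</dapRecordList>"
# A misspelled tag and a dropped closing tag, two easy hand-editing mistakes.
EDITED_TYPO = EDITED_OK.replace("<attr>", "<atr>", 1).replace("</attr>", "</atr>", 1)
EDITED_BROKEN = EDITED_OK.replace("</dapSelection>", "", 1)

if __name__ == "__main__":
    for label, doc in [("ok", EDITED_OK), ("typo", EDITED_TYPO), ("broken", EDITED_BROKEN)]:
        print(label, check_edited_dap(ORIGINAL, doc) or "no problems found")
```

A clean result only means the file parses and reuses element paths already present in the export; it does not prove the ASA or ASDM will accept the attribute values.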