We have an issue where DAP is not working correctly.
We have 2 pairs of firewalls: an older 5525 pair running 9.8(4)32 and a newer 2120 pair running 9.14(2)14.
One of the profiles is on both firewalls. DAP is set to look for the cisco.tunnelgroup and ldap.memberof on both pairs.
If I remove my AD name from the LDAP group, my login stops working on the older pair (what we want to happen), but on the newer pair I can still access it. The ACL is still being applied, but anyone with a valid AD account could log in to it, and we want to lock it down as it is for 3rd party support only.
DAPs on both pairs are configured in a similar way; the priorities are the same and the default one is set up the same.