DAP and LDAP

We have a number of Employees and 3rd Party users who access our VPN. The 3rd parties are from different organisations as they support different pieces of kit. Both may be in multiple AD Groups as both work internally and externally at times.

Up to now we have used an LDAP attribute map to place users in different groups, e.g. Employees or Contractors.

I am looking to deploy some Cisco 5525X's and want to use DAP to get more granular on the privileges assigned to Contractors.

Is it possible to somehow identify, say, Contractor 1 from Contractor 2 through DAP by matching on the different AD Groups that Contractor 1 may be in versus Contractor 2? Separation in this way then allows me to use downloadable ACLs etc.

Or any other way...

Regards

Darren


1 REPLY

You can use the LDAP attribute memberof in order to distinguish users from different AD security groups.

For instance, attribute memberof with a value ContractorGroup1 will match any users who are members of the ContractorGroup1 AD security group.
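
As an added example (not part of the original reply and not Cisco's code), this Python sketch models the memberOf matching described above for a user who sits in several AD groups, so the group-to-policy mapping can be checked before it is built in DAP. The record names, ACL names, priorities and DNs are hypothetical, and the model assumes every matching record is selected.

```python
import re

# Hypothetical DAP-style records: AD group CN -> ACL. Not values from the thread.
DAP_RECORDS = [
    {"name": "Contractor1", "member_of": "ContractorGroup1",
     "acl": "ACL_CONTRACTOR1", "priority": 20},
    {"name": "Contractor2", "member_of": "ContractorGroup2",
     "acl": "ACL_CONTRACTOR2", "priority": 20},
    {"name": "Employees", "member_of": "Employees",
     "acl": "ACL_EMPLOYEES", "priority": 10},
]
# Fallback when no group matches; this model gives it no ACL.
DEFAULT_RECORD = {"name": "DfltAccessPolicy", "acl": None, "priority": 0}


def group_cn(dn):
    """Return the CN of the first RDN of a memberOf DN, or None if it is not a CN.

    Commas escaped with a backslash inside the CN are kept as part of the name.
    """
    first_rdn = re.split(r"(?<!\\),", dn, maxsplit=1)[0].strip()
    key, sep, value = first_rdn.partition("=")
    if not sep or key.strip().lower() != "cn":
        return None
    return re.sub(r"\\(.)", r"\1", value.strip())


def match_records(member_of_values):
    """Return all records whose group is in the user's memberOf list, highest priority first."""
    groups = {cn.lower() for cn in map(group_cn, member_of_values) if cn}
    matched = [r for r in DAP_RECORDS if r["member_of"].lower() in groups]
    return sorted(matched, key=lambda r: -r["priority"]) or [DEFAULT_RECORD]


def contractor_conflicts(member_of_values):
    """Names of contractor records matched together; more than one means mixed access."""
    names = [r["name"] for r in match_records(member_of_values)
             if r["name"].startswith("Contractor")]
    return names if len(names) > 1 else []


# Constructed sample: a user who works both internally and for one vendor.
SAMPLE_USER = [
    "CN=ContractorGroup1,OU=Vendors,DC=example,DC=com",
    "CN=Employees,OU=Staff,DC=example,DC=com",
]

if __name__ == "__main__":
    for record in match_records(SAMPLE_USER):
        print(record["name"], record["acl"])
```

A non-empty result from `contractor_conflicts` points at an account that belongs to more than one vendor group and would not be cleanly separated by group membership alone.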
