I'm working on implementing an SSL solution with LDAP authentication, but am having some trouble. I have created a group in AD called "SSL-VPN". I would like members of this security group to be permitted to use the SSL portal and those members only. My current method of authenticating a domain user via LDAP is up and running; however, when I select my LDAP attribute map and apply it to the server group I'm still able to authenticate non-member users. It's as if the ASA isn't searching said group or applying the map at all. Here is my config:
aaa-server COMPANY_LDAP_GRP protocol ldap
aaa-server COMPANY_LDAP_GRP (inside) host 10.10.10.10
 server-port 636
 ldap-base-dn DC=domain-adm, DC=local
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ldap-login-password ***
 ldap-login-dn CN=administrator,CN=users,DC=domain-adm,DC=local
 ldap-over-ssl enable
 server-type microsoft
 ldap-attribute-map SSL-VPN-LDAP
ldap attribute-map SSL-VPN-LDAP
 map-name memberOf Group-Policy
 map-value memberOf CN=SSL-VPN,CN=Users,DC=domain-adm,DC=local DOMAIN_SSL_VPN_Policy
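
An added example, not part of the original post: an LDAP attribute map only selects a group policy when `memberOf` matches, so any domain user who binds successfully but is not in the group still authenticates and falls through to the connection profile's default group policy. The sketch below shows the deny-by-default arrangement that turns the map into an access gate. The names `NOACCESS` and `COMPANY_SSL_TG` are assumptions, and the existing `DOMAIN_SSL_VPN_Policy` is assumed to be an internal group policy.

```cisco
! Added example; NOACCESS and COMPANY_SSL_TG are assumed names, not from the post.
!
! Catch-all policy: a user whose memberOf value does not match the map lands here.
! Zero simultaneous logins means the session is refused after authentication.
group-policy NOACCESS internal
group-policy NOACCESS attributes
 vpn-simultaneous-logins 0
!
! Policy named in the post's map-value line; it must permit at least one login.
group-policy DOMAIN_SSL_VPN_Policy internal
group-policy DOMAIN_SSL_VPN_Policy attributes
 vpn-simultaneous-logins 3
!
! Connection profile: authenticate against the LDAP server group from the post
! and make the deny policy the default for everyone the map does not match.
tunnel-group COMPANY_SSL_TG type remote-access
tunnel-group COMPANY_SSL_TG general-attributes
 authentication-server-group COMPANY_LDAP_GRP
 default-group-policy NOACCESS
!
! During a test login, confirm that memberOf is returned and mapped:
! debug ldap 255
```

With `debug ldap 255` running, a member's login should show the `memberOf` value being mapped to `DOMAIN_SSL_VPN_Policy`, while a non-member's login shows no mapping and is rejected by `NOACCESS`.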