209 Views · 0 Helpful · 1 Reply

LDAP Attribute Map

spencermoore (Level 1)

I'm working on implementing an SSL solution with LDAP authentication, but am having some trouble. I have created a group in AD called "SSL-VPN". I would like members of this security group to be permitted to use the SSL portal and those members only. My current method of authenticating a domain user via LDAP is up and running; however when I select my LDAP attribute map and apply it to the server group I'm still able to authenticate non-member users. It's as if the ASA isn't searching said group or applying the map at all. Here is my config:
aaa-server COMPANY_LDAP_GRP protocol ldap
aaa-server COMPANY_LDAP_GRP (inside) host 10.10.10.10
 server-port 636
 ldap-base-dn DC=domain-adm, DC=local
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ldap-login-password ***
 ldap-login-dn CN=administrator,CN=users,DC=domain-adm,DC=local
 ldap-over-ssl enable
 server-type microsoft
 ldap-attribute-map SSL-VPN-LDAP

ldap attribute-map SSL-VPN-LDAP
  map-name  memberOf Group-Policy
  map-value memberOf CN=SSL-VPN,CN=Users,DC=domain-adm,DC=local DOMAIN_SSL_VPN_Policy
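Added example (not from this thread): the attribute map above only selects a group policy for users whose memberOf value matches; an account that matches nothing still authenticates and simply lands in the tunnel-group's default group policy. The usual ASA way to turn the map into an access control is to make that default policy unusable. The tunnel-group name SSL_VPN_TG and the NOACCESS policy are assumed names; COMPANY_LDAP_GRP and DOMAIN_SSL_VPN_Policy are taken from the post.

```cisco
! Added example, not the poster's running config.
! A catch-all policy that allows zero concurrent sessions: anyone who
! ends up here (no memberOf match in SSL-VPN-LDAP) is refused.
group-policy NOACCESS internal
group-policy NOACCESS attributes
 vpn-simultaneous-logins 0
!
! The policy the attribute map hands to members of CN=SSL-VPN.
! It must explicitly allow logins, otherwise nobody gets in.
group-policy DOMAIN_SSL_VPN_Policy internal
group-policy DOMAIN_SSL_VPN_Policy attributes
 vpn-simultaneous-logins 3
 vpn-tunnel-protocol ssl-clientless ssl-client
!
! Tunnel-group name is assumed. Authentication stays with the LDAP
! server group from the post; the default policy is now NOACCESS, so
! only users mapped by SSL-VPN-LDAP reach DOMAIN_SSL_VPN_Policy.
tunnel-group SSL_VPN_TG general-attributes
 authentication-server-group COMPANY_LDAP_GRP
 default-group-policy NOACCESS
```

To confirm the map is actually being applied, run `debug ldap 255` and then `test aaa-server authentication COMPANY_LDAP_GRP host 10.10.10.10 username <user> password <password>` once with a group member and once with a non-member: the debug output shows the memberOf values returned by AD and which Group-Policy (if any) the map assigned, and the non-member should now be rejected on the simultaneous-logins limit rather than admitted.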

1 Reply

spencermoore (Level 1)

I was able to resolve this issue by using DAP instead. Much easier and more intuitive...