LDAP Attribute Mapping

cclem
Beginner

If you are using LDAP attributes to map users to a specific group on the ASA, is there a need for group lock if I want a user to connect to only one group? I am using the Cisco attribute Group-Policy to map an LDAP attribute = employee department, i.e. sales, marketing, research, etc.

Regards,

Charles

2 Accepted Solutions

Jennifer Halim
Cisco Employee

No, if you have already configured an LDAP attribute map, then you do not need to configure group lock, because the LDAP attribute map will automatically map the user to the specific group policy that you have created through the mapping.

Hope that answers your question.


andamani
Cisco Employee

Hi,

I don't think there is any requirement for enabling a group-lock on the tunnel-group if you are configuring an LDAP attribute map.

The user will get associated with the group-policy, so there is no need to enable a group lock.

Hope this helps.

Regards,

Anisha

P.S.: Please mark this post as answered if you feel your query is resolved. Do rate helpful posts.
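
The mapping described in the question, written out as an ASA configuration sketch; this is an added example, not part of the original thread and not Cisco's own configuration. All object names, the server address and the directory DNs are hypothetical placeholders, and the NOACCESS default policy is an addition the thread does not discuss.

```text
! Hypothetical names: DEPT-MAP, LDAP-SRV, SALES-GP, MARKETING-GP, RESEARCH-GP,
! NOACCESS, VPN-USERS. 192.0.2.10 and example.com are documentation values.

! Map the directory attribute "department" to the Cisco attribute Group-Policy.
ldap attribute-map DEPT-MAP
 map-name department Group-Policy
 map-value department sales SALES-GP
 map-value department marketing MARKETING-GP
 map-value department research RESEARCH-GP

! Attach the map to the LDAP server the tunnel group authenticates against.
aaa-server LDAP-SRV protocol ldap
aaa-server LDAP-SRV (inside) host 192.0.2.10
 ldap-base-dn dc=example,dc=com
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ldap-login-dn cn=asa-bind,cn=Users,dc=example,dc=com
 ldap-login-password <placeholder>
 server-type microsoft
 ldap-attribute-map DEPT-MAP

! One group policy per department, named exactly as in the map-value lines.
group-policy SALES-GP internal
group-policy MARKETING-GP internal
group-policy RESEARCH-GP internal

! A user whose department matches no map-value receives the tunnel group's
! default group policy, so that default is set to allow no sessions.
group-policy NOACCESS internal
group-policy NOACCESS attributes
 vpn-simultaneous-logins 0

tunnel-group VPN-USERS type remote-access
tunnel-group VPN-USERS general-attributes
 authentication-server-group LDAP-SRV
 default-group-policy NOACCESS
```

With this layout the policy a user lands in is decided by the directory attribute at login, which can be confirmed per session with `show vpn-sessiondb detail anyconnect`.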


4 Replies

Thank you Jennifer. Your response is greatly valued.

Thanks so much Anisha for the response. I have used RADIUS (ACS 4 and 5) to authenticate to Microsoft AD or RSA Token Servers in the past, so I am new to LDAP. This customer doesn't have a RADIUS server.