
LDAP Authentication: sAMAccountName vs CN, which one to choose?

I have the following configuration in my organization, and currently I am using LDAP_EMAIL_GROUP (CN). If I want to use only LDAP_EMAIL_NAME (sAMAccountName), is it possible? And is there any option other than (memberOf)? I want to use sAMAccountName and assign the policy myself, rather than first asking the Windows team and waiting for them to add the new account to a particular group.

Below are sample configurations:

ldap attribute-map LDAP_EMAIL_GROUP
 map-name memberOf Group-Policy
 map-value memberOf "CN=dc.northzone,OU=Distribution Groups,DC=abc,DC=net,DC=ae" GroupPolicy1

ldap attribute-map LDAP_EMAIL_NAME
 map-name sAMAccountName Group-Policy
 map-value sAMAccountName "ABC.XYZ" GroupPolicy1

aaa-server AAA-GROUP protocol tacacs+
aaa-server AAA-GROUP (SECURITY-SERVICES) host 10.10.3.6
 key *****
aaa-server LDAP-GROUP protocol ldap
aaa-server LDAP-GROUP (LDAP-VRF-EXTERNAL) host 10.6.24.22
 ldap-attribute-map LDAP_EMAIL_GROUP
