unable to complete ldap lookup ASA5516-x / windows server 2012

J K
Level 1

I have the following setup on our ASA 5516-x

==========================================

aaa-server remote_ldap (inside) host 10.x.x.x
 timeout 30
 server-port 50002
 ldap-base-dn dc=xxxxx, dc=local
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ldap-login-password *****
 ldap-login-dn cn=remoteldap, cn=Administrators, dc=xxxxx, dc=local

=========================================

But we are unable to complete a test lookup - from ASDM we are receiving the error: Authentication Server not responding, AAA server has been removed.

Using the debug ldap 255 command we see this:

Session Start
New request Session, context 0x00002aaad7fd1820, reqType = Authentication
Fiber started
Creating LDAP context with uri=ldap://10.x.x.x:50002
Connect to LDAP server: ldap://10.x.x.x:50002, status = Successful
supportedLDAPVersion: value = 3
supportedLDAPVersion: value = 2
Binding as remoteldap
Performing Simple authentication for remoteldap to 10.x.x.x
Simple authentication for remoteldap returned code (80) Internal (implementation specific) error
[-2147483539] Failed to bind as administrator returned code (-1) Can't contact LDAP server
Fiber exit Tx=225 bytes Rx=671 bytes, status=-2
Session End

Does anyone have any ideas what could be causing this issue?

1 Accepted Solution

Have you tried removing the line specifying the port and test access without specification of the port?

Is this ldap server working for other devices? Is it possible that there is something wrong in the setup of the server?

HTH

Rick

Hello,

Can you post the full config of your ASA?

Let me know what part of the configuration you need to help and I will post that part.

Thanks for your help.

Actually the full config would be best...

Here is the config. Thanks.

Hello,

You do not have an LDAP attribute-map configured, which means all your VPN users are allowed. I guess that is on purpose?

I cannot see anything obviously wrong with the config. I would suggest trying to test locally first. The document below describes how you can do that:

https://www.tunnelsup.com/cisco-asa-vpn-authorize-user-based-on-ldap-group/

Tested as per the tunnelsup document, but no new info... let me know if this does help though...

01# test aaa-server authentication remote_ldap username xxx password xxx
Server IP Address or name: 10.5.x.x
INFO: Attempting Authentication test to IP address <10.5.x.x> (timeout: 32 seconds)
ERROR: Authentication Server not responding: AAA Server has been removed
01#

[-2147483516] Session Start
[-2147483516] New request Session, context 0x00002aaad7fd1820, reqType = Authentication
[-2147483516] Fiber started
[-2147483516] Creating LDAP context with uri=ldap://10.5.x.x:50002
[-2147483516] Connect to LDAP server: ldap://10.5.x.x:50002, status = Successful
[-2147483516] supportedLDAPVersion: value = 3
[-2147483516] supportedLDAPVersion: value = 2
[-2147483516] Binding as remoteldap
[-2147483516] Performing Simple authentication for remoteldap to 10.5.x.x
[-2147483516] Simple authentication for remoteldap returned code (80) Internal (implementation specific) error
[-2147483516] Failed to bind as administrator returned code (-1) Can't contact LDAP server
[-2147483516] Fiber exit Tx=225 bytes Rx=671 bytes, status=-2
[-2147483516] Session End
ERROR: Authentication Server not responding: AAA Server has been removed

Hello,

I am not sure but I think you are currently using the local database only. Try to add the server group (which is remote_ldap as far as I can tell from your config):

aaa authentication ssh console remote_ldap LOCAL

Would this make any difference when testing LDAP?

Does anyone know what this error actually relates to? I have been unable to find any information which references this code and error message.

Simple authentication for remoteldap returned code (80) Internal (implementation specific) error
[-2147483539] Failed to bind as administrator returned code (-1) Can't contact LDAP server
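
The debug ldap output quoted in this thread can be read stage by stage: the TCP connect and the rootDSE read of supportedLDAPVersion both succeed, so the only failing step is the simple bind, and "code (80)" is the LDAP resultCode "other" defined in RFC 4511 (the ASA renders it as "Internal (implementation specific) error"), i.e. an answer sent by the directory server rather than a network failure. The Python helper below is an added example, not part of this thread or of Cisco's tooling; it parses such debug lines and names the failing stage. Its sample input is the thread's own output trimmed to the key lines, and the code-to-name table is assumed from RFC 4511.

```python
import re

# LDAP resultCode values from RFC 4511 that a bind operation can return (assumed from the RFC).
LDAP_RESULT_CODES = {
    0: "success", 7: "authMethodNotSupported", 8: "strongerAuthRequired",
    32: "noSuchObject", 34: "invalidDNSyntax", 48: "inappropriateAuthentication",
    49: "invalidCredentials", 53: "unwillingToPerform", 80: "other",
}

# Constructed sample: the key lines of the 'debug ldap 255' output quoted in
# this thread, fiber-id prefix and masked address kept as posted.
SAMPLE_DEBUG = """\
[-2147483516] Creating LDAP context with uri=ldap://10.5.x.x:50002
[-2147483516] Connect to LDAP server: ldap://10.5.x.x:50002, status = Successful
[-2147483516] supportedLDAPVersion: value = 3
[-2147483516] supportedLDAPVersion: value = 2
[-2147483516] Binding as remoteldap
[-2147483516] Simple authentication for remoteldap returned code (80) Internal (implementation specific) error
[-2147483516] Failed to bind as administrator returned code (-1) Can't contact LDAP server
[-2147483516] Fiber exit Tx=225 bytes Rx=671 bytes, status=-2
"""

def parse_debug_ldap(text):
    """Pull the per-stage facts (connect, rootDSE, bind, exit) out of ASA 'debug ldap' lines."""
    p = {"uri": None, "connect_ok": None, "versions": [], "bind_user": None,
         "bind_code": None, "exit_status": None}
    for raw in text.splitlines():
        line = re.sub(r"^\[-?\d+\]\s*", "", raw.strip())  # drop the fiber-id prefix
        if m := re.match(r"Connect to LDAP server: (\S+), status = (\w+)", line):
            p["uri"], p["connect_ok"] = m.group(1), m.group(2) == "Successful"
        elif m := re.match(r"supportedLDAPVersion: value = (\d+)", line):
            p["versions"].append(int(m.group(1)))
        elif m := re.match(r"Simple authentication for (\S+) returned code \((\d+)\)", line):
            p["bind_user"], p["bind_code"] = m.group(1), int(m.group(2))
        elif m := re.search(r"Fiber exit .*status=(-?\d+)", line):
            p["exit_status"] = int(m.group(1))
    return p

def diagnose(p):
    """Return (stage, explanation): which step of the AAA test failed and what that implies."""
    if not p["connect_ok"]:
        return "connect", "TCP connection to %s failed: check reachability, ACLs and the port" % p["uri"]
    if p["bind_code"] is None:
        return "no-bind", "connected but no bind was attempted; check that ldap-login-dn is set"
    code, name = p["bind_code"], LDAP_RESULT_CODES.get(p["bind_code"], "unknown")
    if code == 0:
        return "ok", "simple bind for %s succeeded" % p["bind_user"]
    return "bind", ("port speaks LDAP (rootDSE read ok, v%s) but simple bind for %s failed with "
                    "resultCode %d (%s): a server-side answer, so check the DC's directory service "
                    "log and the bind DN" % (max(p["versions"], default="?"), p["bind_user"], code, name))
```

Run `diagnose(parse_debug_ldap(SAMPLE_DEBUG))` to get the stage for the thread's output; feeding it a capture from a working server group gives the "ok" stage, which makes it a quick way to compare a failing and a known-good aaa-server test.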

Has this ever worked? Or is this a new implementation?

I wonder about the use of port 50002. My experience with ldap has been using ports 389 or 636. I wonder if the problem is the port being used.

HTH

Rick

This is a first-time setup test. I have tried connecting to a different domain controller using 389 but we have the same issue.

Thanks for all help given - this issue is now resolved. Not sure what the issue was, but I pointed it at a different domain controller and used an already set up LDAP implementation using 389.

Thanks for posting back and letting us know that you found a solution to the problem using a different domain controller and using port 389. I am glad that my suggestions pointed you in the right direction.

HTH

Rick