09-02-2009 07:33 AM
It's a WebVPN implementation with LDAP, with a group alias enabled for each of the different tunnel-groups/policies.
A user is a memberOf different LDAP groups, for example group1, group2 and group3. It seems like the ASA takes the first match from the LDAP query, and the user fails to log in to the other groups. Have you guys experienced this too? Has anyone resolved a user being assigned to multiple AD groups?
Thanks in advance.
09-02-2009 11:49 AM
Yes, it only does first match via LDAP.
You need to use DAP if you would like to match multiple groups.
http://www.cisco.com/en/US/products/ps6120/products_white_paper09186a00809fcf38.shtml
09-03-2009 01:00 PM
Thanks. So, how would you assign a DAP to the group-policy, or a group-policy to the DAP?
Example:
user1 is allowed to log in to portal-1 but not portal-2.
user2 is allowed to log in to both portals.
This is where I'm having an issue with LDAP, since it only does the first match via the LDAP mapping.
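Added configuration example for the two approaches discussed in the reply above and in this follow-up (the first-match memberOf map and the DAP alternative for the user1/user2 scenario). It is not from the thread or from Cisco documentation; the group-policy, tunnel-group and DAP record names, the server address, the AD DNs and the URL-list names are made up. DAP selection criteria are configured in the ASDM DAP editor and stored in dap.xml on flash rather than in the running config, so they appear below only as comments, and the attribute names aaa.cisco.tunnelgroup and aaa.ldap.memberOf are assumed from the ASDM attribute picker; check them against your ASA version.

```cisco
! ==== Approach 1: memberOf mapped to a group-policy (what the thread describes) ====
! Only one group-policy can be assigned per login, so when the memberOf
! attribute carries several group DNs only the first match is honoured.
! A user in group1 and group2 therefore always ends up in one policy,
! whichever group alias was chosen on the login page.
ldap attribute-map AD-MAP
 map-name  memberOf Group-Policy
 map-value memberOf "CN=group1,OU=Groups,DC=example,DC=com" GP-PORTAL1
 map-value memberOf "CN=group2,OU=Groups,DC=example,DC=com" GP-PORTAL2
!
aaa-server AD protocol ldap
aaa-server AD (inside) host 10.0.0.10
 ldap-base-dn DC=example,DC=com
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ldap-login-dn CN=svc-asa,OU=Service,DC=example,DC=com
 ldap-login-password ********
 server-type microsoft
 ldap-attribute-map AD-MAP
!
! ==== Approach 2: one portal per tunnel-group, DAP decides per login ====
! Remove the memberOf map-values above (or the ldap-attribute-map binding)
! so the tunnel-group's default-group-policy is what the user receives.
webvpn
 enable outside
 tunnel-group-list enable
!
! URL lists are assumed to have been imported already (import webvpn url-list).
group-policy GP-PORTAL1 internal
group-policy GP-PORTAL1 attributes
 vpn-tunnel-protocol webvpn
 webvpn
  url-list value PORTAL1-URLS
group-policy GP-PORTAL2 internal
group-policy GP-PORTAL2 attributes
 vpn-tunnel-protocol webvpn
 webvpn
  url-list value PORTAL2-URLS
!
tunnel-group TG-PORTAL1 type remote-access
tunnel-group TG-PORTAL1 general-attributes
 authentication-server-group AD
 default-group-policy GP-PORTAL1
tunnel-group TG-PORTAL1 webvpn-attributes
 group-alias portal-1 enable
tunnel-group TG-PORTAL2 type remote-access
tunnel-group TG-PORTAL2 general-attributes
 authentication-server-group AD
 default-group-policy GP-PORTAL2
tunnel-group TG-PORTAL2 webvpn-attributes
 group-alias portal-2 enable
!
! DAP records. Selection criteria (set in ASDM, stored in dap.xml) assumed:
!   DAP-PORTAL1: aaa.cisco.tunnelgroup = TG-PORTAL1
!            AND aaa.ldap.memberOf     = CN=group1,OU=Groups,DC=example,DC=com
!   DAP-PORTAL2: aaa.cisco.tunnelgroup = TG-PORTAL2
!            AND aaa.ldap.memberOf     = CN=group2,OU=Groups,DC=example,DC=com
! A record matches only when all of its criteria match, and every matching
! memberOf value is evaluated, not just the first one.
dynamic-access-policy-record DAP-PORTAL1
 description "group1 members may use portal-1"
 action continue
dynamic-access-policy-record DAP-PORTAL2
 description "group2 members may use portal-2"
 action continue
! DfltAccessPolicy is applied only when no other record matches: deny.
dynamic-access-policy-record DfltAccessPolicy
 user-message "You are not authorized for this portal."
 action terminate
```

With this layout user1 (group1 only) matches DAP-PORTAL1 on portal-1 and nothing on portal-2, so the default record terminates the portal-2 session; user2 (group1 and group2) matches a record on either alias. When several records match, their attributes are aggregated and a terminate action in any of them wins, so keep the deny in DfltAccessPolicy rather than in a record that could match alongside an allow.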
11-02-2009 09:31 AM
I am having the same issue in mapping DAPs to LDAP groups when there are multiple groups.
Has anyone managed to get this working successfully?