LDAP attributes with space characters ...

Oct 25th, 2007
Hi there!

I'm trying to bind Web VPN users on an ASA5510 with ASA 8.0(2) to a specific group via LDAP. Everything works fine in my test configuration, but it's not working in our production environment.

I'm trying to do a

ldap attribute-map WEB-VPN
  map-name memberOf IETF-Radius-Class
  map-value memberOf CN=WEB-VPN-GG,OU=Groups without XY,DC=internal,DC=domain,DC=com WEBVPN-USERS-POLICY

But I'm getting an "ERROR: % Invalid input detected at '^' marker.", where '^' is pointing at my policy name. If I remove the blanks in the OU part it's accepting the command, but mapping doesn't work.

Is there a way to mask the blanks or to tell the ASA to use a different character for separating the LDAP value from the group policy name?

Changing the OU is not possible ... ;-)

gates1150 Thu, 11/08/2007 - 14:02

Do you have it working so that if the users are not in the WEB-VPN-GG group they don't get in? If so, mine is working, but I'm trying to figure out the best way to restrict.

tgrundbacher Thu, 09/18/2008 - 01:56
Hi Markus

Might be a bit late, but here's the solution. You have to use quotes:

map-value memberOf "CN=WEB-VPN-GG,OU=Groups without XY,DC=internal,DC=domain,DC=com" WEBVPN-USERS-POLICY

I've found this out using ASDM!



