I'm trying to bind Web VPN users on an ASA5510 with ASA 8.0(2) to a specific group via LDAP. Everything works fine in my test configuration, but it's not working in our production environment.
I'm trying to do a
ldap attribute-map WEB-VPN
map-name memberOf IETF-Radius-Class
map-value memberOf CN=WEB-VPN-GG,OU=Groups without XY,DC=internal,DC=domain,DC=com WEBVPN-USERS-POLICY
But I'm getting a "ERROR: % Invalid input detected at '^' marker." Where '^' is pointing at my policy name. If I remove the blanks in the OU part it's accepting the command, but mapping doesn't work.
Is there a way to mask the blanks or to tell the ASA to use a diffrent charakter for seperating the ldap value from the group policy name?
Changing the OU is not possible ... ;-)