10-25-2007 08:52 AM - edited 03-09-2019 07:05 PM
Hi there!
I'm trying to bind Web VPN users on an ASA5510 with ASA 8.0(2) to a specific group via LDAP. Everything works fine in my test configuration, but it's not working in our production environment.
I'm trying to do a
ldap attribute-map WEB-VPN
map-name memberOf IETF-Radius-Class
map-value memberOf CN=WEB-VPN-GG,OU=Groups without XY,DC=internal,DC=domain,DC=com WEBVPN-USERS-POLICY
But I'm getting an "ERROR: % Invalid input detected at '^' marker.", where '^' is pointing at my policy name. If I remove the blanks in the OU part, it accepts the command, but the mapping doesn't work.
Is there a way to mask the blanks or to tell the ASA to use a different character for separating the LDAP value from the group policy name?
Changing the OU is not possible ... ;-)
11-08-2007 02:02 PM
Do you have it working so that if the users are not in the WEB-VPN-GG group they don't get in? If so, mine is working, but I'm trying to figure out the best way to restrict.
09-18-2008 01:56 AM
Hi Markus
Might be a bit late, but here's the solution. You have to use quotes:
map-value memberOf "CN=WEB-VPN-GG,OU=Groups without XY,DC=internal,DC=domain,DC=com" WEBVPN-USERS-POLICY
I've found this out using ASDM!
Regards
Toni
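Added example, not part of the original thread: the quoted map-value from the reply above placed in a fuller ASA configuration, with the tunnel group defaulting to a no-access policy so that only users whose memberOf value maps to WEBVPN-USERS-POLICY can log in. The names LDAP-SRV, WEBVPN-TG and NOACCESS, the address 192.0.2.10 and the login limit of 3 are assumptions chosen for illustration.

```text
! Constructed example. LDAP-SRV, WEBVPN-TG, NOACCESS and 192.0.2.10 are
! placeholder names/values, not taken from the thread.
!
! Quote the DN so the blanks in "OU=Groups without XY" stay part of one value.
ldap attribute-map WEB-VPN
 map-name memberOf IETF-Radius-Class
 map-value memberOf "CN=WEB-VPN-GG,OU=Groups without XY,DC=internal,DC=domain,DC=com" WEBVPN-USERS-POLICY
!
! Attach the map to the LDAP server entry (base DN, login DN and the other
! LDAP server settings are omitted here).
aaa-server LDAP-SRV protocol ldap
aaa-server LDAP-SRV (inside) host 192.0.2.10
 ldap-attribute-map WEB-VPN
!
! Default policy: zero simultaneous logins means nobody can connect with it.
group-policy NOACCESS internal
group-policy NOACCESS attributes
 vpn-simultaneous-logins 0
!
! Policy assigned through the attribute map; it must allow logins again.
group-policy WEBVPN-USERS-POLICY internal
group-policy WEBVPN-USERS-POLICY attributes
 vpn-simultaneous-logins 3
 vpn-tunnel-protocol webvpn
!
! Users whose memberOf value does not map to a policy fall back to the
! tunnel group's default policy, here NOACCESS.
tunnel-group WEBVPN-TG type remote-access
tunnel-group WEBVPN-TG general-attributes
 authentication-server-group LDAP-SRV
 default-group-policy NOACCESS
```

Logging in with one account inside WEB-VPN-GG and one outside it confirms that the mapping and the fallback behave as intended.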