10-25-2007 08:52 AM - edited 03-09-2019 07:05 PM
Hi there!
I'm trying to bind Web VPN users on an ASA5510 with ASA 8.0(2) to a specific group via LDAP. Everything works fine in my test configuration, but it's not working in our production environment.
I'm trying to do a
ldap attribute-map WEB-VPN
map-name memberOf IETF-Radius-Class
map-value memberOf CN=WEB-VPN-GG,OU=Groups without XY,DC=internal,DC=domain,DC=com WEBVPN-USERS-POLICY
But I'm getting a "ERROR: % Invalid input detected at '^' marker." Where '^' is pointing at my policy name. If I remove the blanks in the OU part it's accepting the command, but mapping doesn't work.
Is there a way to mask the blanks or to tell the ASA to use a diffrent charakter for seperating the ldap value from the group policy name?
Changing the OU is not possible ... ;-)
11-08-2007 02:02 PM
Do you have it working so if the users are not in the WEB-VPN-GG group they don't get in? If so mine is working but I'm trying to figure out the best way to restrict.
09-18-2008 01:56 AM
Hi Markus
Might be a bit late, but here's the solution. You have to use quotes:
map-value memberOf "CN=WEB-VPN-GG,OU=Groups without XY,DC=internal,DC=domain,DC=com" WEBVPN-USERS-POLICY
I've found this out using ASDM!
Regards
Toni
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide