I have an ASA 8.0(3)4 doing LDAP authorization to our W2K3 DC.
Now a User whose AD account is locked is able to establish a Tunnel. But if his account is deactivated, he can't establish a tunnel (Authorization failed).
What do I have to configure if I want a locked user not to be able to establish a tunnel. Or, vice versa, allow a deactivated user to come in?