SSL VPN User authentication using Multiple domain AD

Unanswered Question
Mar 25th, 2009

Hi All,

I'm very confused and need your intervention on this.

I have deployed ASA SSL VPN with version 8.0. The problem I'm facing is the multiple-domain search, i.e. we have 2 different ADs in different domains. For e.g. one in domain and the other in domain.

I had created one LDAP AAA group in which I have added the 2 ADs. My concern is, if the user is coming from his domain, will he be automatically authenticated by his particular domain or not? In one of the Cisco documents I saw this:

The ASA currently does not support the LDAP referral mechanism for multi-domain searches (Cisco bug ID CSCsj32153). Multi-domain searches are supported with the AD in Global Catalog Server mode. In order to perform multi-domain searches, set up the AD server for Global Catalog Server mode, usually with these key parameters for the LDAP server entry in the ASA. The key is to use an ldap-name-attribute that must be unique across the directory tree.

server-port 3268

ldap-scope subtree

ldap-naming-attribute userPrincipalName

I'm not able to understand: is this for a search in a single domain with multiple ADs, i.e. backup ADs, or is it for ADs in different domains?

Also, do I need to create 2 different LDAP groups to make it work, or will using 2 ADs in the same group work?

Thanks in advance for any solution.
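As an added example (not from the original post or from Cisco's document), this is how the three Global Catalog parameters quoted above fit into a complete ASA 8.0 LDAP server group, with the tunnel-group that uses it and the CLI check that confirms a user from a second domain is found through the GC. The group name AD-GC, the GC address 10.0.0.10, the forest example.com with child domain corp.example.com, and the bind account are assumptions.

```text
! Added example: one LDAP AAA server group pointing at a Global Catalog.
! Forest root example.com, child domain corp.example.com (both assumed).
aaa-server AD-GC protocol ldap
aaa-server AD-GC (inside) host 10.0.0.10
 server-port 3268
 ldap-base-dn DC=example,DC=com
 ldap-scope subtree
 ldap-naming-attribute userPrincipalName
 ldap-login-dn CN=svc-asa-ldap,OU=Service Accounts,DC=example,DC=com
 ldap-login-password <bind-password>
 server-type microsoft
!
! Why these values:
!  - 3268 is the GC listener; a plain DC on 389 only answers for its own domain
!    and the ASA will not follow the referrals it returns for other domains.
!  - The base DN is the FOREST ROOT, so a subtree search on the GC covers
!    every domain in the forest with one server entry; no second group needed.
!  - userPrincipalName is unique forest-wide; sAMAccountName is only unique
!    per domain, so two users with the same short name would collide.
!  - The bind DN is a read-only service account (assumed name), not an admin.
!  - 3268 is cleartext LDAP; for LDAPS use port 3269 with "ldap-over-ssl enable".
!
! Users log in with their UPN, e.g. jdoe@corp.example.com
tunnel-group SSLVPN type remote-access
tunnel-group SSLVPN general-attributes
 authentication-server-group AD-GC
!
! Verify from the ASA CLI that a child-domain user resolves through the GC:
! test aaa-server authentication AD-GC host 10.0.0.10 username jdoe@corp.example.com password <pw>
```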


vikasgupta2k Mon, 09/20/2010 - 04:43


Did you get this working? I'm having the same issue with one of my customers and wanted to see if you got it working.
