SSL VPN User authentication using Multiple domain AD

piyush_singh
Level 1

Hi All,

I'm very confused and need your intervention for the same.

I have deployed ASA SSL VPN with ver 8.0. The problem I'm facing is the multiple domain search, i.e. we have 2 different ADs in different domains. For example, one in the abc.com domain and the other in the xyz.com domain.

I had created one LDAP AAA group in which I have added the 2 ADs. My concern is: if the user is coming from his domain, will he be automatically authenticated by his particular domain or not? In one of the Cisco documents I saw this:

The ASA currently does not support the LDAP referral mechanism for multi-domain searches (Cisco bug ID CSCsj32153). Multi-domain searches are supported with the AD in Global Catalog Server mode. In order to perform multi-domain searches, set up the AD server for Global Catalog Server mode, usually with these key parameters for the LDAP server entry in the ASA. The key is to use an ldap-name-attribute that must be unique across the directory tree.

server-port 3268
ldap-scope subtree
ldap-naming-attribute userPrincipalName

What I'm not able to understand is: is this for search in a single domain with multiple ADs, i.e. a backup AD, or is it for ADs in different domains?

Also, do I need to create 2 different LDAP groups to make it work, or will using 2 ADs in the same group work?

Thanks in advance for any solution.

Piyush
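
For reference, an added example (not part of the original post or of the quoted Cisco document) showing where the three quoted parameters sit inside an ASA `aaa-server` LDAP host entry. The group name, interface, server address, base DN and bind account are placeholder assumptions.

```cisco
! Added illustration; LDAP-GC, inside, 192.0.2.10 and the DNs below are placeholders.
aaa-server LDAP-GC protocol ldap
aaa-server LDAP-GC (inside) host 192.0.2.10
 ! Query the Global Catalog port instead of the per-domain LDAP port 389
 server-port 3268
 ! Placeholder base DN: it must sit above every entry the search has to reach
 ldap-base-dn dc=example,dc=com
 ldap-scope subtree
 ! userPrincipalName (user@domain) is unique across the directory tree,
 ! unlike sAMAccountName, which can repeat in different domains
 ldap-naming-attribute userPrincipalName
 ! Placeholder low-privilege bind account used only for the search
 ldap-login-dn cn=asa-bind,cn=Users,dc=example,dc=com
 ldap-login-password <bind-password>
 server-type microsoft
 ! Port 3268 carries the bind and user passwords unencrypted; to protect them,
 ! use the Global Catalog SSL port instead:
 !  server-port 3269
 !  ldap-over-ssl enable
```

With `userPrincipalName` as the naming attribute, users log in with the full user@domain form of their name rather than the short account name.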

3 Replies

piyush_singh
Level 1

Still no reply?

Has anybody ever done this before?

Piyush,

Did you get this working? I'm having the same issue with one of my customers and wanted to see if you got it working.

Thanks,

Vikas