
WebVPN - user assigned to multiple LDAP groups

Gerard Gacusan
Level 1

It's a WebVPN implementation with LDAP. Group Alias is enabled for different tunnel-group/policy.

A user is a memberOf different LDAP groups, for example group1, 2 and 3. It seems like the ASA uses the first match via the LDAP query and the user fails to log in on the other groups. Have you guys experienced this too? Has anyone resolved a user assigned to multiple AD groups?

Thanks in advance.

3 Replies

Yudong Wu
Level 7

Yes, it only does first match via LDAP.

You need to use DAP if you would like to match multiple groups.

http://www.cisco.com/en/US/products/ps6120/products_white_paper09186a00809fcf38.shtml

Thanks. So, how would you assign DAP into the group-policy or group-policy into DAP?

Example:

http://company.com/portal-1

http://company.com/portal-2

user1 is allowed to log in to portal-1 but not portal-2.

user2 is allowed both portals.

This is where I'm having an issue with LDAP, since it does the first match only via LDAP mapping.

I am having the same issue in mapping DAPs to LDAP groups when there are multiple groups.

Has anyone managed to get this working successfully?
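
A simplified Python model of the behaviour discussed in this thread, added as an illustration and not taken from any poster or from Cisco: it contrasts a first-match memberOf mapping with a DAP-style check that evaluates every memberOf value against the selected portal. The group DNs, group-policy names and DAP record names are constructed, and the rule that each portal accepts only its own group-policy is an assumption of the example.

```python
# Simplified model, not ASA code. All DNs, policy names and record names
# below are constructed sample values.
G1 = "CN=group1,OU=VPN,DC=example,DC=com"
G2 = "CN=group2,OU=VPN,DC=example,DC=com"

# LDAP attribute map: one memberOf value -> one group-policy.
ATTRIBUTE_MAP = {G1: "GP-PORTAL-1", G2: "GP-PORTAL-2"}

# Assumption: each portal (connection profile) only accepts its own group-policy.
PROFILE_POLICY = {"portal-1": "GP-PORTAL-1", "portal-2": "GP-PORTAL-2"}

# DAP-style records: selection criteria are (connection profile, required group).
DAP_RECORDS = [
    {"name": "DAP-PORTAL-1", "profile": "portal-1", "member_of": G1},
    {"name": "DAP-PORTAL-2", "profile": "portal-2", "member_of": G2},
]


def first_match_policy(member_of):
    """Return the policy for the first memberOf value that has a map entry."""
    for dn in member_of:  # order as returned by the directory
        if dn in ATTRIBUTE_MAP:
            return ATTRIBUTE_MAP[dn]
    return None


def login_attribute_map(member_of, profile):
    """First-match model: only one group ever counts, whatever portal is chosen."""
    return first_match_policy(member_of) == PROFILE_POLICY[profile]


def login_dap(member_of, profile):
    """DAP-style model: every memberOf value is checked for the chosen portal.

    Returns the names of matching records; an empty list stands for the
    default policy terminating the session.
    """
    groups = set(member_of)
    return [r["name"] for r in DAP_RECORDS
            if r["profile"] == profile and r["member_of"] in groups]


USERS = {"user1": [G1], "user2": [G1, G2]}  # constructed memberships

if __name__ == "__main__":
    for user, groups in USERS.items():
        for portal in PROFILE_POLICY:
            print(user, portal,
                  "attribute-map:", login_attribute_map(groups, portal),
                  "dap:", bool(login_dap(groups, portal)))
```

In this model user2 is refused on portal-2 under first-match mapping even though the account is in group2, while the DAP-style check admits user2 to both portals and still refuses user1 on portal-2.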