RSA (SDI) for Authentication and LDAP (AD) for Authorization for ASA VPN

Answered Question
Oct 21st, 2009

We currently use RSA for VPN authentication. I have configured and tested LDAP on the ASA. I would like the ASA to query AD via LDAP for the group membership of the user trying to log in and to give them a specific Access Policy off of that group. Is there a way to do this when the user is authenticating solely through RSA?

Brent Catoe Thu, 10/22/2009 - 03:22

Thanks for the link. However, it does not explain how to accomplish this. I have successfully gotten it to work using AD for authentication and LDAP for authorization, but not using RSA for authentication and LDAP for authorization. The DAP I set up looks to see if the user is a member of an LDAP group, but the user ID it is looking for is, I am assuming, the RSA user ID, which it will not find on the LDAP server. Is there a way to link an RSA user ID with a Windows user ID?

Correct Answer
Jagdeep Gambhir Thu, 10/22/2009 - 09:10

The same user ID should exist in both databases. However, the password can be different, as no password check is performed for authorization.

For example, the user name "brentcatoe" should be there in both databases.

If the user name is not the same, this is not going to work, and I don't think there is any way to link or map the user ID.

Regards,

~JG

Do rate helpful posts
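
The split described in this answer, as an added ASA configuration sketch that is not part of the original thread: RSA (SDI) checks the passcode, then the ASA looks up the same username in AD over LDAP without a password check. The server group names, tunnel group name, interface, addresses (documentation ranges), DNs and the bind password placeholder are all assumptions.

```cisco
! Added example, not from the thread. All names, addresses and DNs are assumed.

! Authentication: RSA SecurID server group (SDI protocol)
aaa-server RSA protocol sdi
aaa-server RSA (inside) host 192.0.2.10

! Authorization: Active Directory over LDAP
aaa-server AD-LDAP protocol ldap
aaa-server AD-LDAP (inside) host 192.0.2.20
 server-type microsoft
 ldap-over-ssl enable
 ldap-base-dn DC=example,DC=com
 ldap-scope subtree
 ! The username typed at the RSA prompt is searched for under this attribute,
 ! so the RSA user ID must equal the AD sAMAccountName (e.g. "brentcatoe").
 ldap-naming-attribute sAMAccountName
 ! Bind account used for the lookup; the user's own AD password is never checked.
 ldap-login-dn CN=asa-bind,OU=Service Accounts,DC=example,DC=com
 ldap-login-password <BIND-PASSWORD-PLACEHOLDER>

! Tie both server groups to the remote-access tunnel group
tunnel-group VPN-USERS type remote-access
tunnel-group VPN-USERS general-attributes
 authentication-server-group RSA
 authorization-server-group AD-LDAP
 ! Reject the session if the LDAP lookup finds no matching user,
 ! instead of letting an RSA-only user in without a group-based policy.
 authorization-required

! The DAP record that matches on the user's AD group membership
! (LDAP memberOf) is configured separately and is evaluated against
! the attributes returned by the AD-LDAP lookup above.
```

With `authorization-required` set, a username mismatch between RSA and AD shows up as a failed login rather than as a session that falls through to a default policy.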

Brent Catoe Thu, 10/22/2009 - 09:12

Ok, that helps a lot, so I need to just make sure that AD and RSA have the same usernames.

Thanks for your help
