Is it possible to map each user in AAA to the CN field located in the certificate?

Unanswered Question
Feb 25th, 2010

Hello,

I am using certificates for VPN remote access.

Is it possible to map each user in AAA to the CN field located in the certificate?

Thank you for your help.

Erick Delgado Wed, 03/03/2010 - 06:17

Hi,

Please see this configuration example.

ldap attribute-map memberOf
  map-name  memberOf IETF-Radius-Class
  map-value memberOf CN=VPN,CN=Users,DC=cisco,DC=com CAC-Users

aaa-server LDAP protocol ldap
aaa-server LDAP (outside) host 192.168.250.27
  ldap-base-dn DC=cisco,DC=com
  ldap-scope subtree
  ldap-naming-attribute sAMAccountName
  ldap-login-password *
  ldap-login-dn CN=asaldap,CN=Users,DC=cisco,DC=com
  server-type microsoft
  ldap-attribute-map memberOf

tunnel-group vpnclient type remote-access
tunnel-group vpnclient general-attributes
  address-pool VPN
  authorization-server-group LDAP
  authorization-required
  username-from-certificate CN
tunnel-group vpnclient ipsec-attributes
  trust-point LDAP
  isakmp ikev1-user-authentication none

group-policy CAC-Users internal
group-policy CAC-Users attributes
  dns-server value 192.168.250.27
  split-tunnel-policy tunnelspecified
  split-tunnel-network-list value split

If you have any questions, let me know.
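The flow that configuration sets up, as an added Python model (not code from the post above or from Cisco): the certificate subject CN becomes the AAA username, an unknown username is refused because of authorization-required, and a memberOf value equal to the mapped DN selects group-policy CAC-Users. The sample directory entries and the case-insensitive DN comparison are this model's own assumptions.

```python
# Added example, not from the original post or from Cisco: a Python model of
# the authorization flow the configuration above sets up on the ASA.
# username-from-certificate CN -> subject CN becomes the AAA username;
# authorization-required -> the username must exist in LDAP or access is denied;
# ldap attribute-map memberOf -> a matching memberOf DN selects CAC-Users.

def parse_dn(dn):
    """Split an RFC 4514 DN into (ATTR, value) pairs; backslash escapes the next char."""
    rdns, buf, escaped = [], [], False
    for ch in dn:
        if escaped:
            buf.append(ch)
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == ",":
            rdns.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
    rdns.append("".join(buf))
    pairs = []
    for rdn in rdns:
        attr, _, value = rdn.partition("=")
        pairs.append((attr.strip().upper(), value.strip()))
    return pairs
def username_from_certificate(subject_dn, field="CN"):
    """Return the first value of `field` in the subject DN, or None if absent."""
    for attr, value in parse_dn(subject_dn):
        if attr == field.upper():
            return value
    return None
def group_policy_for(member_of, attribute_map):
    # Case-insensitive DN comparison is this model's assumption, not the ASA's rule.
    norm = lambda dn: [(a, v.lower()) for a, v in parse_dn(dn)]
    for group_dn in member_of:
        for mapped_dn, policy in attribute_map.items():
            if norm(group_dn) == norm(mapped_dn):
                return policy
    return None
ATTRIBUTE_MAP = {"CN=VPN,CN=Users,DC=cisco,DC=com": "CAC-Users"}
# Constructed sample LDAP data keyed by sAMAccountName (not real accounts).
DIRECTORY = {"jdoe": ["CN=VPN,CN=Users,DC=cisco,DC=com"],
             "asmith": ["CN=Staff,CN=Users,DC=cisco,DC=com"]}
def authorize(subject_dn, directory=DIRECTORY, attribute_map=ATTRIBUTE_MAP):
    """Return (allowed, username, group_policy) for a client certificate subject."""
    user = username_from_certificate(subject_dn)
    if user is None or user not in directory:
        return (False, user, None)  # authorization-required: unknown user denied
    return (True, user, group_policy_for(directory[user], attribute_map))
```

A user whose certificate CN is not found in LDAP is denied even though the certificate itself validated, which is the effect of authorization-required; a known user without the mapped group gets the tunnel-group's default policy rather than CAC-Users.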
