Below you will see that I have configured two memberOf mappings. The second is what I need help with.
The first AD group, named VPN_CORP, contains users that require access to our corporate office through VPN. This works fine.
However, I think it would be easier to administer if I can drag user groups under the VPN_CORP group. I've created
this second "Finance users" mapping and placed an existing AD user group named 'Finance Users' under VPN_CORP.
My problem is this isn't working. Although the AD group "Finance Users" is under VPN_CORP, if I execute a domain 'find'
searching for my test user dfood, it doesn't show me that dfood is subordinate to group VPN_CORP, Finance Users, but rather
only the original path where the user group Finance Users truly exists.
I know I can enter the full path to the true OU and this would work but this is defeating the purpose
of simplifying this.
I guess what I'm trying to ask is how can I configure this to traverse groups dropped into the
container VPN_CORP? Am I stuck adding users individually?
ldap attribute-map ACME_LDAP_Map
map-name memberOf IETF-Radius-Class
map-value memberOf CN=VPN_CORP,CN=Users,DC=acme,DC=com CORP-Policy
map-value memberOf "CN=Finance Users,CN=VPN_CORP,CN=Users,DC=acme,DC=com" CORP-Policy
aaa-server LDAP_SRV_GRP (inside) host 10.8.16.140
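The behaviour described in the post is what you get when a map-value is compared against the literal memberOf values on the user's own entry: nesting 'Finance Users' inside VPN_CORP adds a memberOf attribute to the group object, but it does not change the group's DN, and it adds nothing to dfood's memberOf. So the DN "CN=Finance Users,CN=VPN_CORP,CN=Users,DC=acme,DC=com" in the second map-value never exists anywhere in the directory. The model below is an added example, not code from the original post or from Cisco. It uses a constructed in-memory directory ("OU=Finance" is a placeholder for wherever 'Finance Users' really lives, which the post does not give) to contrast the ASA-style literal match with a nested-group-aware resolution, and it builds the AD matching-rule-in-chain filter you can paste into ldapsearch to confirm what the directory itself thinks about dfood's nested membership.

```python
"""Nested AD groups versus a literal memberOf match.

Added example, not from the original post. DIRECTORY is a constructed
model: DN -> list of memberOf values as AD would return them.
"OU=Finance" stands in for the real OU, which the post does not name.
"""

# Constructed directory. Dragging 'Finance Users' under VPN_CORP gives the
# GROUP a memberOf of VPN_CORP; the group's own DN and dfood's memberOf
# are unchanged.
DIRECTORY = {
    "CN=dfood,CN=Users,DC=acme,DC=com": [
        "CN=Finance Users,OU=Finance,DC=acme,DC=com",
    ],
    "CN=Finance Users,OU=Finance,DC=acme,DC=com": [
        "CN=VPN_CORP,CN=Users,DC=acme,DC=com",
    ],
    "CN=VPN_CORP,CN=Users,DC=acme,DC=com": [],
}

# The attribute map from the post: memberOf value -> policy.
ASA_MAP = {
    "CN=VPN_CORP,CN=Users,DC=acme,DC=com": "CORP-Policy",
    "CN=Finance Users,CN=VPN_CORP,CN=Users,DC=acme,DC=com": "CORP-Policy",
}

# The same map written against the group's real DN (constructed OU).
FIXED_MAP = {
    "CN=Finance Users,OU=Finance,DC=acme,DC=com": "CORP-Policy",
}

# AD's LDAP_MATCHING_RULE_IN_CHAIN OID; makes memberOf match transitively.
IN_CHAIN_OID = "1.2.840.113556.1.4.1941"


def normalize_dn(dn):
    """AD DNs are case-insensitive; fold case and strip spaces around RDNs."""
    return ",".join(part.strip().lower() for part in dn.split(","))


def _member_of(dn, directory):
    """Return the memberOf list for dn, looking it up case-insensitively."""
    key = normalize_dn(dn)
    for entry_dn, groups in directory.items():
        if normalize_dn(entry_dn) == key:
            return groups
    return []


def asa_policy(user_dn, attr_map, directory=DIRECTORY):
    """Literal match, as the attribute map behaves: compare each map-value
    against the user's own memberOf values only, with no group expansion.
    Returns the mapped policy name or None."""
    wanted = {normalize_dn(k): v for k, v in attr_map.items()}
    for group_dn in _member_of(user_dn, directory):
        policy = wanted.get(normalize_dn(group_dn))
        if policy is not None:
            return policy
    return None


def effective_groups(user_dn, directory=DIRECTORY):
    """Transitive closure of memberOf: what a nested-group-aware check sees.
    Returns a set of normalized group DNs."""
    seen = set()
    stack = list(_member_of(user_dn, directory))
    while stack:
        dn = stack.pop()
        key = normalize_dn(dn)
        if key in seen:
            continue
        seen.add(key)
        stack.extend(_member_of(dn, directory))
    return seen


def in_chain_filter(sam_account_name, group_dn):
    """LDAP filter that matches the user only if they are a member of
    group_dn directly or through any chain of nested groups. Usable with
    ldapsearch against a domain controller to verify nesting in AD."""
    return "(&(sAMAccountName=%s)(memberOf:%s:=%s))" % (
        sam_account_name, IN_CHAIN_OID, group_dn)


if __name__ == "__main__":
    user = "CN=dfood,CN=Users,DC=acme,DC=com"
    print("post's map   :", asa_policy(user, ASA_MAP))
    print("real-DN map  :", asa_policy(user, FIXED_MAP))
    print("nested groups:", sorted(effective_groups(user)))
    print(in_chain_filter("dfood", "CN=VPN_CORP,CN=Users,DC=acme,DC=com"))
```

Running it shows the gap: with the map from the post dfood gets no policy, with a map-value that names the group's real DN he does, and the transitive resolver does report VPN_CORP, which is the membership the directory "knows" but the attribute map never asks about. The filter from `in_chain_filter` is a quick check against the domain controller itself (`ldapsearch ... '(&(sAMAccountName=dfood)(memberOf:1.2.840.113556.1.4.1941:=CN=VPN_CORP,CN=Users,DC=acme,DC=com))'`); if that returns the user while the ASA does not apply the policy, the difference is the nesting, not the directory data. The practical consequence is the one the post already suspects: the map-value has to name a group that is directly on the user's memberOf, so either list each group's true DN as its own map-value or keep users as direct members of VPN_CORP.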