
Openldap and ASA

ssocsupport
Level 1

Folks,

We have a requirement here

Integration of OpenLDAP with Cisco ASA for SSL VPN users, with OpenLDAP acting as primary authentication and the firewall local database as secondary (if OpenLDAP fails).

We have the below configuration:

aaa-server ldap1 protocol ldap
aaa-server ldap1 (AB) host AUTH-SERVER1
 ldap-base-dn dc=testgroup,dc=com
 ldap-scope subtree
 ldap-naming-attribute cn
 ldap-login-password *
 ldap-login-dn cn=Manager,dc=testgroup,dc=com
 ldap-over-ssl enable
 server-type openldap
authentication-server-group ldap1 LOCAL
authentication-server-group (AB) ldap1 LOCAL

In openldap, we have seven different groups created.

Similarly, in the firewall, seven groups are created for SSL VPN access and users are bound with

Here is the problem description

1. Users are able to authen

2 Replies

ssocsupport
Level 1

As the device has seven SSL VPN groups configured, the integration should work only from the respective groups.

But the problem here is that the user is able to authenticate in other groups as well.

pls help

Folks,

PLS HELP here
