Cisco Support Community

AAA - LDAP test "rejected: memory error"

Trying to configure VPN on a Cisco 5510 to use LDAP for authorization (used a Cisco document for implementing Kerberos/LDAP AAA with Windows AD).

Kerberos authentication works just fine, but when I test the LDAP AAA group I get -

"Authorization Rejected: memory error"

I haven't been able to find ANY info regarding that error message on the interwebz. I know it's reaching the domain controller just fine, but something isn't quite right. Any ideas?


Re: AAA - LDAP test "rejected: memory error"

The security appliance supports user authorization on an external LDAP or RADIUS server. Before you configure the security appliance to use an external server, you must configure the server with the correct security appliance authorization attributes and, from a subset of these attributes, assign specific permissions to individual users.

There are some known issues with LDAP and 7.1(1) (if you are using it). You may try upgrading to the latest 7.1.2 interim release.


Re: AAA - LDAP test "rejected: memory error"

We're actually on release 8.03

I haven't had time to look at this issue again yet (ahh family vacations =)) but hopefully in the next week I will.

Meanwhile, here's a bit of the config if that helps anyone


aaa-server Authent_grp protocol kerberos
aaa-server Authent_grp host X.X.X.152
 kerberos-realm DOMAIN.COM
aaa-server Authent_grp host X.X.X.151
 kerberos-realm DOMAIN.COM
aaa-server Author_grp protocol ldap
aaa-server Author_grp host X.X.X.152
 ldap-base-dn ou=Users
 ldap-scope onelevel
 ldap-naming-attribute uid
 ldap-login-password *
 ldap-login-dn cn=admin,cn=Users,dc=domain,dc=com
 server-type microsoft

