Cisco Support Community
Community Member

ASA and LDAP

Hi everyone!

I have an ASA talking to an LDAP to perform the VPN logins. So far I have this configuration working fine:

ou=ciscovpn,o=example

So every user under ou CiscoVPN can log in. But now I have a problem: there are several users in different OUs who also need to log in, and I don't know how to auth just those I want to. Example:

cn=user1,ou=hr

cn=user2,ou=hr

cn=user3,ou=admin

cn=user4,ou=admin

Let's say we have that config, how can I grant access JUST to user1 and user4? Of course I cannot move users between OUs because the tree is already working fine for some other internal accesses.

Thanks in advance!!!

Community Member

ASA and LDAP

Hi,

Are you able to create a security group in AD, add users to the group, and authenticate to that security group?

See URL for reference:

http://www.netcraftsmen.net/component/content/article/67-network-security/771-asa-vpn-ldap-authentication-with-group-membership-verification.html

Hope this helps

Community Member

Re: ASA and LDAP

Hi Pablo,

As Steven mentioned, you will need an extra security group where all users that should have access to the VPN are members.

Something like group: VPN_access, which you will check with an LDAP attribute map.

If you need special filters or ACLs applied to the OUs like HR, you can define that with DAP.

Sent from Cisco Technical Support iPad App
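
The group-membership check suggested in the replies, sketched as an added ASA configuration example; it is not part of the original thread and not taken from the linked article. It assumes an Active Directory-style `memberOf` attribute (other directories expose group membership under a different attribute name), and every name, DN and address in it is constructed.

```cisco
! Constructed example: policy names, DNs, addresses and the bind account are placeholders.
!
! Deny-by-default policy. A user who authenticates against LDAP but matches
! no map-value below stays on this policy and cannot open a session.
group-policy NOACCESS internal
group-policy NOACCESS attributes
 vpn-simultaneous-logins 0
!
! Policy assigned to members of the VPN_access group.
group-policy VPN_ALLOWED internal
group-policy VPN_ALLOWED attributes
 vpn-simultaneous-logins 3
!
! Map the memberOf value returned by the directory to an ASA group policy.
! The quoted string must match the group DN exactly as the directory returns it.
! Older ASA releases use IETF-Radius-Class in place of Group-Policy.
ldap attribute-map VPN_GROUP_MAP
 map-name memberOf Group-Policy
 map-value memberOf "CN=VPN_access,OU=Groups,DC=example,DC=com" VPN_ALLOWED
!
aaa-server LDAP_VPN protocol ldap
aaa-server LDAP_VPN (inside) host 192.0.2.10
 ldap-base-dn DC=example,DC=com
 ldap-scope subtree
 ldap-naming-attribute sAMAccountName
 ldap-login-dn CN=asa-bind,OU=Service,DC=example,DC=com
 ldap-login-password <bind-password>
 ldap-over-ssl enable
 server-type microsoft
 ldap-attribute-map VPN_GROUP_MAP
!
! The tunnel group authenticates against LDAP and starts every user on NOACCESS;
! only the attribute map can move a user to VPN_ALLOWED.
tunnel-group RA_VPN type remote-access
tunnel-group RA_VPN general-attributes
 authentication-server-group LDAP_VPN
 default-group-policy NOACCESS
```

With this layout user1 and user4 stay in their existing OUs and only need to be added to the group. `memberOf` lists direct memberships only, so users who belong to VPN_access through a nested group will not match.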
